Trojaner-Board


teuki 17.07.2012 16:04

BKA Trojan (with webcam window)

Hello, I have caught a Trojan.

ComboFix says the following:

ComboFix 12-07-16.01 - Christian 17.07.2012 6:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4076.2986 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-17 bis 2012-07-17 ))))))))))))))))))))))))))))))
.
.
2012-07-17 05:07 . 2012-07-17 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 04:56 . 2012-07-17 04:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA8F79E-3A98-4AB6-824C-A216A50A4F36}\offreg.dll
2012-07-17 01:49 . 2010-11-17 23:45 67072 ----a-w- c:\windows\system32\Ssdevm64.dll
2012-07-17 01:49 . 2010-01-19 20:58 160272 ----a-w- c:\windows\system32\TWAINDSM.dll
2012-07-17 01:49 . 2009-10-28 19:06 43520 ----a-w- c:\windows\system32\Ssusbp64.dll
2012-07-17 01:49 . 2010-10-21 21:46 207872 ----a-w- c:\windows\system32\SNWIAUI.dll
2012-07-17 01:49 . 2010-10-21 18:22 709632 ----a-w- c:\windows\system32\SnMinDrv.dll
2012-07-17 01:49 . 2010-10-21 18:22 163840 ----a-w- c:\windows\system32\SnImgFlt.dll
2012-07-17 01:49 . 2010-10-21 18:22 103424 ----a-w- c:\windows\system32\SnErHdlr.dll
2012-07-17 01:49 . 2010-05-20 22:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll
2012-07-17 01:49 . 2009-06-10 20:31 123256 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-07-17 01:49 . 2009-06-10 20:31 1165664 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-07-17 01:49 . 2009-06-10 20:30 8016 ----a-w- c:\windows\system32\icardres.dll
2012-07-17 01:49 . 2009-06-10 20:30 170328 ----a-w- c:\windows\system32\infocardapi.dll
2012-07-14 16:28 . 2012-07-14 16:28 -------- d-----w- c:\programdata\Ant.com
2012-07-14 16:28 . 2012-07-14 16:28 -------- d-----w- c:\program files (x86)\Ant.com
2012-07-13 13:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA8F79E-3A98-4AB6-824C-A216A50A4F36}\mpengine.dll
2012-07-12 18:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 18:17 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 18:17 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-12 18:17 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 18:17 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-06 16:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-29 20:48 . 2012-06-29 20:48 -------- d-----w- c:\windows\de
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\en
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\ar
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\bg
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\cs
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\da
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\el
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\es
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\fi
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\fr
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\he
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\hr
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\hu
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\it
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\ko
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\lt
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\lv
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\nl
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\no
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pl
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pt-br
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pt-pt
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\ro
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\ru
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sk
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sl
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sr-latn-cs
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sv
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\th
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\tr
2012-06-29 20:40 . 2012-06-29 20:40 -------- d-----w- c:\windows\zh-cn
2012-06-29 20:40 . 2012-06-29 20:40 -------- d-----w- c:\windows\zh-tw
2012-06-29 20:20 . 2012-06-29 20:20 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a240c65d1cd563402\MeshBetaRemover.exe
2012-06-29 20:20 . 2012-06-29 20:20 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\DSETUP.dll
2012-06-29 20:20 . 2012-06-29 20:20 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\DXSETUP.exe
2012-06-29 20:20 . 2012-06-29 20:20 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\dsetup32.dll
2012-06-22 18:20 . 2012-06-22 18:20 -------- d-----w- c:\users\Christian\AppData\Local\Mozilla
2012-06-22 17:52 . 2012-07-05 00:01 -------- d-----w- c:\users\Christian\AppData\Roaming\Imqyt
2012-06-22 17:52 . 2012-07-04 23:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Evyws
2012-06-22 17:52 . 2012-06-22 17:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Ybem
2012-06-22 17:20 . 2012-06-22 17:20 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira
2012-06-22 17:13 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-22 17:13 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-22 17:13 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-22 17:13 . 2012-06-22 17:14 -------- d-----w- c:\programdata\Avira
2012-06-22 17:13 . 2012-06-22 17:13 -------- d-----w- c:\program files (x86)\Avira
2012-06-22 16:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-22 16:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-22 16:23 . 2012-06-22 16:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-22 16:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 16:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 16:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 16:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:15 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:15 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:25 . 2010-04-30 11:56 312488 ----a-r- c:\windows\updater4g.exe
2012-06-21 15:25 . 2010-04-30 11:56 160424 ----a-r- c:\windows\starter4g.exe
2012-06-21 15:25 . 2012-07-09 12:25 -------- d-----w- c:\users\Christian\AppData\Roaming\XSManager
2012-06-21 15:25 . 2012-06-21 17:57 -------- d-----w- c:\program files (x86)\XSManager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:14 . 2012-04-08 21:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 11:14 . 2011-09-17 18:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 15:25 . 2011-11-22 13:14 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2012-06-21 15:25 . 2011-11-22 13:14 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2012-06-21 15:25 . 2011-11-22 13:14 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2012-06-21 15:25 . 2011-11-22 13:14 63648 ----a-w- c:\windows\system32\drivers\smsbda.sys
2012-06-21 15:25 . 2011-11-22 13:14 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2012-06-21 15:25 . 2011-11-22 13:13 117888 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2012-05-04 11:06 . 2012-06-13 13:23 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 13:23 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 13:23 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 13:23 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 13:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 13:29 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 13:29 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 13:29 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-18 11:49 . 2012-05-18 15:07 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-06-21 117888]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-27 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-27 9079808]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-27 299520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 11:14]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233034886-2771921467-1450124296-1001Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 15:15]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233034886-2771921467-1450124296-1001UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 15:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"EzPrint"="c:\program files (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17 07:15:44
ComboFix-quarantined-files.txt 2012-07-17 05:15
.
Vor Suchlauf: 6 Verzeichnis(se), 167.666.171.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 167.575.261.184 Bytes frei
.
- - End Of File - - 58EFD207FE8317593758F82055F5D55E

t'john 18.07.2012 16:39

Who instructed you to run ComboFix?


Custom scan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.


Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


t'john 31.07.2012 13:46

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.

