Trojaner-Board - Neuer fake Bundestrojaner 2.0

also mich hat es zum 2. mal erwischt und nun helfen die übrigen wege auch nicht mehr wie beim vorgänger z.b. Shell da zeile löschen aber dort steht explorer.exe

naja da brauch ich nun bitte eure hilfe

des weiteren kann ich obwohl der screen mit bundesbildschirm kommt in meinen bibliothek ordner und so überall auf dem pc zugreifen und bin nicht im abgesichterten modus

vllt ist das gut xDDD

also ich hab erst mal mit Combofix gearbeitet und hier die text datei mal gepostet vllt hilfts ja

danke im vorraus

ComboFix 11-12-01.03 - mauza 01.12.2011 21:20:06.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2155 [GMT 1:00]
ausgeführt von:: c:\users\mauza\Downloads\Neuer Ordner\ComboFix-1.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mauza\AppData\Local\Temp\0.837970031559333.exe
c:\users\mauza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.837970031559333.exe.lnk
c:\windows\IsUn0407.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-01 bis 2011-12-01 ))))))))))))))))))))))))))))))
.
.
2011-12-01 20:25 . 2011-12-01 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 19:13 . 2011-12-01 19:13 -------- d-----w- c:\users\Addi
2011-11-30 16:19 . 2011-11-30 16:19 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-11-11 10:29 . 2011-11-11 10:29 -------- d-----w- c:\users\mauza\AppData\Local\Skyrim
2011-11-10 14:56 . 2011-11-18 12:08 -------- d-----w- c:\users\mauza\AppData\Local\Akamai
2011-11-06 19:13 . 2011-08-10 09:26 348968 ----a-w- c:\windows\SysWow64\msvcr70.dll
2011-11-06 19:13 . 2011-08-10 09:26 353064 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-06 19:13 . 2011-08-10 09:26 631592 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-11-06 19:13 . 2011-08-10 09:27 979752 ----a-w- c:\windows\SysWow64\mfc70.dll
2011-11-06 19:13 . 2011-08-10 09:27 1106728 ----a-w- c:\windows\SysWow64\mfc80.dll
2011-11-06 19:13 . 2011-08-10 09:27 1097512 ----a-w- c:\windows\SysWow64\mfc80u.dll
2011-11-06 19:13 . 2011-08-10 09:26 484136 ----a-w- c:\windows\SysWow64\msvcm80.dll
2011-11-06 19:13 . 2011-08-10 09:26 492328 ----a-w- c:\windows\SysWow64\msvcp70.dll
2011-11-06 19:13 . 2011-08-10 09:26 553768 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-11-06 19:13 . 2011-08-10 09:26 504616 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2011-11-06 19:12 . 2011-11-06 19:14 -------- d-----w- c:\program files (x86)\Common Files\Dlubal
2011-11-06 19:11 . 2011-11-06 19:11 -------- d-----w- c:\windows\MSAgent
2011-11-01 20:47 . 2011-11-30 21:11 -------- d-----w- c:\users\mauza\AppData\Local\Paint.NET
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 11:18 . 2011-08-09 18:24 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2011-10-06 11:18 . 2011-08-09 18:24 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-09-05 14:03 . 2011-09-05 14:03 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-09-05 13:03 . 2011-09-05 13:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-05 13:03 . 2011-09-05 13:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-05 13:03 . 2011-09-05 13:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-05 13:03 . 2011-09-05 13:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-05 13:03 . 2011-09-05 13:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-05 13:03 . 2011-09-05 13:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-05 13:03 . 2011-09-05 13:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-05 13:03 . 2011-09-05 13:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-05 13:03 . 2011-09-05 13:03 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-05 13:03 . 2011-09-05 13:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-05 13:03 . 2011-09-05 13:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-05 13:03 . 2011-09-05 13:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-05 13:03 . 2011-09-05 13:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-05 13:03 . 2011-09-05 13:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-05 13:03 . 2011-09-05 13:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-05 13:03 . 2011-09-05 13:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-05 13:03 . 2011-09-05 13:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-05 13:03 . 2011-09-05 13:03 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-05 13:03 . 2011-09-05 13:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-05 13:03 . 2011-09-05 13:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-05 13:03 . 2011-09-05 13:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-05 13:03 . 2011-09-05 13:03 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:03 . 2011-09-05 13:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-05 13:03 . 2011-09-05 13:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-05 13:03 . 2011-09-05 13:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-05 13:03 . 2011-09-05 13:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-05 13:03 . 2011-09-05 13:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:03 . 2011-09-05 13:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-05 13:03 . 2011-09-05 13:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-05 13:03 . 2011-09-05 13:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-05 13:03 . 2011-09-05 13:03 448512 ----a-w- c:\windows\system32\html.iec
2011-09-05 13:03 . 2011-09-05 13:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-05 13:03 . 2011-09-05 13:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-05 13:03 . 2011-09-05 13:03 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-09-05 13:03 . 2011-09-05 13:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-05 13:03 . 2011-09-05 13:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-05 13:03 . 2011-09-05 13:03 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-05 13:03 . 2011-09-05 13:03 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-05 13:03 . 2011-09-05 13:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-05 13:03 . 2011-09-05 13:03 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-05 13:03 . 2011-09-05 13:03 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-05 13:03 . 2011-09-05 13:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-05 13:02 . 2011-09-05 13:02 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-09-05 13:02 . 2011-09-05 13:02 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-09-05 13:02 . 2011-09-05 13:02 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-09-05 13:02 . 2011-09-05 13:02 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-05 13:02 . 2011-09-05 13:02 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-05 13:02 . 2011-09-05 13:02 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-09-05 13:02 . 2011-09-05 13:02 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-09-05 13:02 . 2011-09-05 13:02 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-05 13:02 . 2011-09-05 13:02 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-09-05 13:02 . 2011-09-05 13:02 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-09-05 13:02 . 2011-09-05 13:02 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-09-05 13:02 . 2011-09-05 13:02 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-09-05 13:02 . 2011-09-05 13:02 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-09-05 13:02 . 2011-09-05 13:02 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-09-05 13:02 . 2011-09-05 13:02 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-09-05 13:02 . 2011-09-05 13:02 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-09-05 13:02 . 2011-09-05 13:02 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-09-05 13:02 . 2011-09-05 13:02 144384 ----a-w- c:\windows\system32\cdd.dll
2011-09-05 13:02 . 2011-09-05 13:02 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-09-05 13:02 . 2011-09-05 13:02 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-09-05 13:02 . 2011-09-05 13:02 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-09-05 13:02 . 2011-09-05 13:02 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuz1.dll" [2011-03-16 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-16 11:59 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-03-16 11:59 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuz1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuz1.dll" [2011-03-16 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2011-03-16 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\games\steam\steam.exe" [2011-08-02 1242448]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"Akamai NetSession Interface"="c:\users\mauza\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"GrooveMonitor"="d:\programme\office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"starter4g"="c:\windows\starter4g.exe" [2009-06-17 157968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-08-11 117888]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-09-05 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-09 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 X6va003;X6va003;c:\users\mauza\AppData\Local\Temp\0035E76.tmp [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\programme\HWiNFO32\HWiNFO64A.SYS [2011-05-22 28032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirMailService;Avira AntiVir MailGuard;d:\programme\Avira\AntiVir Desktop\avmailc.exe [2010-03-16 337064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;d:\programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-02-24 405672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S2 WTGService;WTGService;d:\programme\mobilcomUSBstick\WTGService.exe [2009-06-22 304592]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-06-17 125200]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-908123831-3800961127-2179969678-1000Core.job
- c:\users\mauza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 19:09]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-908123831-3800961127-2179969678-1000UA.job
- c:\users\mauza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 19:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~1\OFFICE~1\Office12\EXCEL.EXE/3000
LSP: d:\programme\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: mobafire.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mauza\AppData\Roaming\Mozilla\Firefox\Profiles\2bslmr98.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-LogitechVideoRepair - d:\programme\webcam labtec\ISStart.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Atlantica - c:\nexon\Atlantica\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va003]
"ImagePath"="\??\c:\users\mauza\AppData\Local\Temp\0035E76.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-908123831-3800961127-2179969678-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-908123831-3800961127-2179969678-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-908123831-3800961127-2179969678-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-908123831-3800961127-2179969678-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-908123831-3800961127-2179969678-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-908123831-3800961127-2179969678-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-01 21:27:40
ComboFix-quarantined-files.txt 2011-12-01 20:27
.
Vor Suchlauf: 10 Verzeichnis(se), 70.156.644.352 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 73.045.229.568 Bytes frei
.
- - End Of File - - 56EEA2A32DC6CD58B8F29AC5D3B37DA9