Trojaner-Board - 50€ Virus

Combofix Logfile:
Code:
ComboFix 12-02-02.01 - eX 02.02.2012  16:43:23.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2742 [GMT 1:00]

ausgeführt von:: c:\users\eX\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\eX\AppData\Local\assembly\tmp

c:\users\eX\AppData\Roaming\.#

c:\users\eX\AppData\Roaming\.#\MBX@1FC@20D2710.###

c:\users\eX\AppData\Roaming\.#\MBX@1FC@20D2740.###

c:\users\eX\AppData\Roaming\.#\MBX@68C@332710.###

c:\users\eX\AppData\Roaming\.#\MBX@68C@332740.###

c:\users\eX\AppData\Roaming\.#\MBX@D68@362710.###

c:\users\eX\AppData\Roaming\.#\MBX@D68@362740.###

c:\users\eX\AppData\Roaming\.#\MBX@F90@2202710.###

c:\users\eX\AppData\Roaming\.#\MBX@F90@2202740.###

c:\users\eX\AppData\Roaming\AcroIEHelpe.txt

c:\users\eX\AppData\Roaming\edxLabs

c:\users\eX\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\162678640.txt

c:\users\eX\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\164493812.txt

c:\users\eX\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\164501437.txt

c:\users\eX\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini

c:\users\eX\AppData\Roaming\Help\ceptr.tll

c:\users\eX\AppData\Roaming\Help\comm.tll

c:\users\eX\AppData\Roaming\Help\coredb\storage

c:\users\eX\AppData\Roaming\srvblck2.tmp

c:\windows\SysWow64\drivers\hwinterface.sys

c:\windows\SysWow64\Memman.vxd

c:\windows\SysWow64\settings.ini

c:\windows\SysWow64\skinboxer43.dll

H:\desktop.exe

H:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-02 bis 2012-02-02  ))))))))))))))))))))))))))))))

.

.

2012-02-02 15:47 . 2012-02-02 15:47        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-02-02 15:47 . 2012-02-02 15:47        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-02 02:28 . 2012-02-01 23:22        16432        ----a-w-        c:\windows\system32\lsdelete.exe

2012-02-01 23:13 . 2011-12-23 06:12        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2012-02-01 23:13 . 2012-02-01 23:13        --------        d-----w-        c:\program files (x86)\Lavasoft

2012-02-01 22:36 . 2012-02-01 22:36        --------        d-----r-        C:\EX-PC

2012-01-31 20:23 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{75176319-BE74-4DD1-A445-702B56F266C5}\mpengine.dll

2012-01-21 16:26 . 2012-02-01 20:38        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2012-01-21 16:26 . 2012-01-21 16:26        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2012-01-10 21:16 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll

2012-01-10 21:16 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-01-10 21:16 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-01-10 21:16 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll

2012-01-10 21:16 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll

2012-01-10 21:16 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll

2012-01-10 21:15 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll

2012-01-10 21:15 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll

2012-01-05 02:42 . 2012-02-02 08:59        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-05 02:42 . 2012-02-02 08:59        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-05 02:42 . 2012-02-02 08:59        45016        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-05 02:42 . 2012-02-02 08:59        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-03 21:50 . 2012-01-03 21:50        --------        d-----w-        c:\program files\Oracle

2012-01-03 21:49 . 2011-11-08 18:40        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-01-03 21:49 . 2011-11-08 18:40        660368        ----a-w-        c:\windows\system32\deployJava1.dll

2012-01-03 21:48 . 2012-01-03 21:49        --------        d-----w-        c:\program files\Java

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-01 20:38 . 2010-03-15 16:16        281656        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2012-02-01 20:37 . 2010-03-15 15:28        281200        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-12-07 09:39 . 2010-03-06 15:13        279096        ------w-        c:\windows\system32\MpSigStub.exe

2011-12-04 23:34 . 2011-12-04 23:34        158056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-13 19:53        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-11-05 05:41 . 2011-12-13 19:54        1188864        ----a-w-        c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-13 19:53        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-13 19:54        981504        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-13 19:53        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-13 19:54        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-13 19:54        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2006-05-03 09:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\SysWOW64\msfDX.dll

2008-03-16 12:30        216064        --sh--r-        c:\windows\SysWOW64\nbDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files (x86)\CCleaner\CCleaner.exe" [2009-03-24 1488112]

"Akamai NetSession Interface"="c:\users\eX\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-01 2152152]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 23:21]

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 16:39]

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 16:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-09 8151040]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*

IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Free YouTube Download - c:\users\eX\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\eX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\eX\AppData\Roaming\Mozilla\Firefox\Profiles\vb9kum56.default\

FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=8e00407100000000000000d0d7000000&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=

FF - prefs.js: network.proxy.ftp - 93.189.5.138

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.http - 93.189.5.138

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 93.189.5.138

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 93.189.5.138

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-DVBViewer TE2_is1 - c:\program files (x86)\DVBViewer TE2\unins000.exe

AddRemove-GamersFirst LIVE! - c:\program files (x86)\GamersFirst\LIVE!\uninstall.exe

AddRemove-SilkroadR - h:\silkroadr\SilkroadR\Remove.Exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-440812787-3872929628-1068270990-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:6f,71,94,a1,9b,46,94,d7,ae,a2,ac,0e,2c,c9,a5,a5,40,8d,7a,69,a4,95,c8,

   ba,a5,79,c6,a6,71,46,7f,37,7e,d5,3e,a3,6a,59,0f,ac,37,84,19,bf,ad,a4,17,fe,\

"??"=hex:80,84,fb,00,e4,cd,05,6e,31,62,11,2a,a2,64,4c,f9

.

[HKEY_USERS\S-1-5-21-440812787-3872929628-1068270990-1001\Software\SecuROM\License information*]

"datasecu"=hex:97,5d,7d,2b,1d,dd,37,1a,60,3a,9d,3d,55,62,06,7f,4d,c0,9e,ab,af,

   28,5b,21,08,4b,ff,75,fc,07,1a,d7,21,18,2b,89,04,7a,39,7f,d8,ec,90,ab,b8,b6,\

"rkeysecu"=hex:48,5c,28,96,07,f8,0d,02,b2,67,ab,a5,97,91,dd,3b

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Blaze Media Pro\NMSAccess32.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\windows\SysWOW64\rundll32.exe

c:\windows\system\Cm106eye.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-02  16:52:32 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-02 15:52

.

Vor Suchlauf: 3.979.399.168 Bytes frei

Nach Suchlauf: 3.827.466.240 Bytes frei

.

- - End Of File - - 09C46D57FA3959D3134ABA3FB74E6D40
--- --- ---