Log analysis and evaluation: Google: unwanted redirect

Windows 7

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

/// Malware-holic

Yes, as long as the scan is running we don't need to care about the Norton message.

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#2

The scan worked. After the restart the log also appears as expected. However, when I try to open a browser, the following message now appears:

C:\Program Files (x86)\Internet Explorer\iexplore.exe
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum löschen makiert wurde.
(English: Illegal operation attempted on a registry key that has been marked for deletion.)

The browser cannot be opened. The same happens with Firefox.
#3

Great! It worked. Here is the log:
Combofix Logfile:

Code:
```
ComboFix 11-12-09.02 - Andi 09.12.2011 15:40:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8140.6464 [GMT 1:00]
ausgeführt von:: c:\users\Andi\Downloads\23456.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-09 bis 2011-12-09 ))))))))))))))))))))))))))))))
.
.
2011-12-09 14:43 . 2011-12-09 14:43 -------- d-----w- c:\users\Eva\AppData\Local\temp
2011-12-09 14:43 . 2011-12-09 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 20:42 . 2011-12-08 20:42 -------- d-----w- c:\program files\CCleaner
2011-12-08 18:49 . 2011-12-08 18:49 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-08 18:48 . 2011-12-08 18:49 -------- d-----w- c:\programdata\HitmanPro
2011-12-08 17:47 . 2011-12-08 17:47 -------- d-----w- c:\users\Andi\AppData\Roaming\Malwarebytes
2011-12-08 17:47 . 2011-12-08 17:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-08 17:47 . 2011-12-08 17:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-08 17:47 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 18:35 . 2011-12-07 18:46 -------- d-----w- C:\_OTL
2011-12-06 15:33 . 2011-12-06 15:34 -------- d-----w- c:\users\Andi\AppData\Local\Deployment
2011-12-06 15:33 . 2011-12-06 15:33 -------- d-----w- c:\users\Andi\AppData\Local\Apps
2011-12-06 13:22 . 2011-12-08 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-06 13:22 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-12-06 13:22 . 2011-12-08 17:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-12-05 11:31 . 2011-12-05 11:31 -------- d-----w- c:\users\Andi\AppData\Local\Windows Live
2011-12-02 22:03 . 2011-12-02 22:03 -------- d-----w- c:\users\Andi\AppData\Roaming\Tific
2011-12-02 22:03 . 2011-12-02 22:03 -------- d-----w- c:\users\Andi\AppData\Local\Symantec
2011-12-02 18:54 . 2011-09-27 04:57 374272 ----a-w- c:\windows\SysWow64\mss32.dll
2011-12-02 17:46 . 2011-12-02 17:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-02 17:45 . 2011-12-02 17:45 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2011-12-02 17:45 . 2011-12-04 18:00 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-02 17:45 . 2011-12-02 17:45 -------- d-----w- c:\users\Andi\AppData\Local\PackageAware
2011-12-02 17:34 . 2011-12-08 16:00 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-11-22 19:34 . 2011-11-22 19:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-22 18:56 . 2011-11-22 18:56 -------- d-----w- c:\program files\iPod
2011-11-22 18:56 . 2011-11-22 18:56 -------- d-----w- c:\program files\iTunes
2011-11-22 18:56 . 2011-11-22 18:56 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 17:42 . 2011-10-11 12:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-03 03:06 . 2011-06-21 10:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 13:27 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 13:27 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-13 14:12 . 2011-09-13 14:12 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-09-13 04:35 . 2011-09-13 04:35 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-09-13 04:35 . 2011-02-02 13:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-09-13 04:35 . 2011-02-02 13:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-13 04:26 . 2011-09-13 04:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-13 04:26 . 2011-09-13 04:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-13 04:26 . 2011-09-13 04:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-13 04:26 . 2011-09-13 04:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-13 04:26 . 2011-09-13 04:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-13 04:26 . 2011-09-13 04:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-13 04:26 . 2011-09-13 04:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-13 04:26 . 2011-09-13 04:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-13 04:26 . 2011-09-13 04:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-13 04:26 . 2011-09-13 04:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-13 04:26 . 2011-09-13 04:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-13 04:26 . 2011-09-13 04:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-13 04:26 . 2011-09-13 04:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-13 04:26 . 2011-09-13 04:26 448512 ----a-w- c:\windows\system32\html.iec
2011-09-13 04:26 . 2011-09-13 04:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-13 04:26 . 2011-09-13 04:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-13 04:26 . 2011-09-13 04:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-13 04:26 . 2011-09-13 04:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-13 04:26 . 2011-09-13 04:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-13 04:26 . 2011-09-13 04:26 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-13 04:26 . 2011-09-13 04:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-13 04:26 . 2011-09-13 04:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-13 04:26 . 2011-09-13 04:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-13 04:26 . 2011-09-13 04:26 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-13 04:26 . 2011-09-13 04:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-13 04:26 . 2011-09-13 04:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-13 04:26 . 2011-09-13 04:26 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-13 04:26 . 2011-09-13 04:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-13 04:26 . 2011-09-13 04:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-13 04:26 . 2011-09-13 04:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-13 04:26 . 2011-09-13 04:26 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-13 04:26 . 2011-09-13 04:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-13 04:26 . 2011-09-13 04:26 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-13 04:26 . 2011-09-13 04:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-13 04:26 . 2011-09-13 04:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-13 04:26 . 2011-09-13 04:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-15 680016]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-08 4151376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-13 1028096]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-08 c:\windows\Tasks\HPCeeScheduleForAndi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\23456\CF31803.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\j41qrvqc.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-09 15:48:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-09 14:48
ComboFix2.txt 2011-12-08 07:19
.
Vor Suchlauf: 13 Verzeichnis(se), 649.037.271.040 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 648.331.550.720 Bytes frei
.
- - End Of File - - DE9A9FBF280982E2B0BC10280A65017E
```