UKash Windows Security Trojaner

markusg · 30.03.2012, 16:31

danke für die netten worte :-)
fertig sind wir aber noch nicht.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

webcollector · 31.03.2012, 14:00

hab die Anweisungen soweit durchgeführt und hier ist die ComboFix.TXT
Wurde der Rechner jetzt soweit gereinigt?

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-31.02 - install 31.03.2012  14:43:32.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4091.2856 [GMT 2:00]
ausgeführt von:: c:\users\install\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\install\AppData\Roaming\Microsoft\Windows\Cookies\isindex.dat
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-31  ))))))))))))))))))))))))))))))
.
.
2012-03-31 12:48 . 2012-03-31 12:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-30 14:44 . 2012-03-30 14:53	--------	d-----w-	C:\_OTL
2012-03-30 10:40 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{16143528-B3E3-4164-9BBE-34D8ABCAEEA8}\mpengine.dll
2012-03-22 19:34 . 2012-03-22 19:34	--------	d-----w-	c:\program files (x86)\Microsoft Works
2012-03-22 19:33 . 2012-03-22 19:33	--------	d-----w-	c:\windows\PCHEALTH
2012-03-22 19:33 . 2012-03-22 19:33	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-03-18 15:42 . 2012-03-18 15:52	--------	d-----w-	c:\users\install\AppData\Roaming\DeepBurner
2012-03-14 15:04 . 2012-01-25 06:27	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 15:04 . 2012-01-25 06:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:04 . 2012-01-25 06:20	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-10 18:56 . 2012-03-10 18:56	--------	d-----w-	c:\programdata\AVSVideoBurner
2012-03-10 18:44 . 2007-02-27 17:36	974848	----a-w-	c:\windows\SysWow64\mfc70.dll
2012-03-10 18:44 . 2007-02-27 17:36	487424	----a-w-	c:\windows\SysWow64\msvcp70.dll
2012-03-10 18:44 . 2007-02-27 17:36	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2012-03-10 14:40 . 2012-03-10 14:40	--------	d-----w-	c:\users\install\AppData\Roaming\AVS4YOU
2012-03-10 14:39 . 2012-03-10 18:45	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-03-10 14:39 . 2012-03-10 18:45	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-03-10 14:38 . 2012-03-10 14:40	--------	d-----w-	c:\programdata\AVS4YOU
2012-03-10 14:38 . 2011-08-22 15:32	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-03-10 12:40 . 2012-03-10 12:40	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-03-10 12:40 . 2012-03-10 12:40	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-10 00:33 . 2012-03-10 00:33	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-03-09 21:33 . 2009-09-10 06:28	311808	----a-w-	c:\windows\system32\msv1_0.dll
2012-03-09 21:33 . 2009-09-10 05:52	257024	----a-w-	c:\windows\SysWow64\msv1_0.dll
2012-03-09 21:27 . 2012-03-09 21:27	--------	d-----w-	c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-09 21:26 . 2009-11-25 11:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-09 21:26 . 2009-11-25 11:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2012-03-09 21:26 . 2009-11-25 11:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2012-03-09 21:26 . 2009-11-25 11:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2012-03-09 21:26 . 2009-11-25 11:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2012-03-09 21:26 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2012-03-09 21:26 . 2009-11-25 11:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-03-09 21:26 . 2009-11-25 11:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2012-03-09 21:26 . 2009-11-25 11:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2012-03-09 21:26 . 2009-11-25 11:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2012-03-09 21:26 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-03-09 21:08 . 2011-11-17 07:10	340992	----a-w-	c:\windows\system32\schannel.dll
2012-03-09 21:07 . 2010-08-21 06:38	1024512	----a-w-	c:\windows\system32\wmpmde.dll
2012-03-09 21:02 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2012-03-09 21:01 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2012-03-09 21:00 . 2010-03-05 07:52	84992	----a-w-	c:\windows\system32\asycfilt.dll
2012-03-09 21:00 . 2010-03-05 07:42	67584	----a-w-	c:\windows\SysWow64\asycfilt.dll
2012-03-09 21:00 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-03-09 21:00 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-03-09 21:00 . 2011-06-23 05:29	5507968	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-09 21:00 . 2011-06-23 04:38	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-09 21:00 . 2011-06-23 04:38	3902336	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-09 20:58 . 2011-02-23 05:15	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2012-03-09 20:57 . 2009-12-29 08:03	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-09 20:57 . 2009-12-29 06:55	172032	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-09 20:57 . 2010-01-09 07:19	139264	----a-w-	c:\windows\system32\cabview.dll
2012-03-09 20:57 . 2010-01-09 06:52	132608	----a-w-	c:\windows\SysWow64\cabview.dll
2012-03-09 20:29 . 2012-03-09 20:29	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2012-03-09 15:15 . 2012-03-09 15:15	--------	d-----w-	c:\users\install\AppData\Local\Diagnostics
2012-03-03 16:36 . 2012-03-03 16:36	--------	d-----w-	c:\users\install\AppData\Roaming\Ubisoft
2012-03-03 16:36 . 2012-03-03 16:36	--------	d-----w-	c:\programdata\Ubisoft
2012-03-03 16:31 . 2007-05-16 15:45	4496232	----a-w-	c:\windows\system32\d3dx9_34.dll
2012-03-03 14:22 . 2012-03-03 14:22	--------	d-----w-	c:\programdata\Solidshield
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-07-25 22:05	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2011-06-08 17:04	282656	----a-w-	c:\program files (x86)\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-26 3077528]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-07-26 438272]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"avgnt"="e:\avira\AntiVir Desktop\avgnt.exe" [2011-07-25 281768]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"MAgent"="e:\mailagent\MAgent.exe" [2011-07-25 13233856]
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" [2011-12-11 1768144]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LWS"="e:\logitech webcam\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
.
c:\users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\install\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;e:\avira\AntiVir Desktop\sched.exe [2011-07-25 136360]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-12-11 1768144]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\install\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-22 8116256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &??????? ? Microsoft Excel - e:\office\OFFICE11\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - e:\mailagent\magent.exe
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\install\AppData\Roaming\Mozilla\Firefox\Profiles\71zsfnsc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MediaGet2 - c:\users\install\AppData\Local\MediaGet2\mediaget.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Digitale Bibliothek 5 - e:\digitale bibliothek 5\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\!-*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Lexmark X1100 Series\lxbkbmon.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-31  14:54:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-31 12:54
.
Vor Suchlauf: 14 Verzeichnis(se), 16.716.795.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 16.570.363.904 Bytes frei
.
- - End Of File - - 1E23405E6EA629DE53DBD92F88F62EF8

--- --- ---

UKash Windows Security Trojaner

Log-Analyse und Auswertung: UKash Windows Security Trojaner

UKash Windows Security Trojaner

UKash Windows Security Trojaner

Ähnliche Themen: UKash Windows Security Trojaner