
Log analysis and evaluation: BKA Trojan (with webcam window)

17.07.2012, 16:04   #1
teuki

BKA Trojan (with webcam window)



Hello, I've caught a trojan.

ComboFix says the following:

ComboFix 12-07-16.01 - Christian 17.07.2012 6:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4076.2986 [GMT 2:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))
.
.
2012-07-17 05:07 . 2012-07-17 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 04:56 . 2012-07-17 04:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA8F79E-3A98-4AB6-824C-A216A50A4F36}\offreg.dll
2012-07-17 01:49 . 2010-11-17 23:45 67072 ----a-w- c:\windows\system32\Ssdevm64.dll
2012-07-17 01:49 . 2010-01-19 20:58 160272 ----a-w- c:\windows\system32\TWAINDSM.dll
2012-07-17 01:49 . 2009-10-28 19:06 43520 ----a-w- c:\windows\system32\Ssusbp64.dll
2012-07-17 01:49 . 2010-10-21 21:46 207872 ----a-w- c:\windows\system32\SNWIAUI.dll
2012-07-17 01:49 . 2010-10-21 18:22 709632 ----a-w- c:\windows\system32\SnMinDrv.dll
2012-07-17 01:49 . 2010-10-21 18:22 163840 ----a-w- c:\windows\system32\SnImgFlt.dll
2012-07-17 01:49 . 2010-10-21 18:22 103424 ----a-w- c:\windows\system32\SnErHdlr.dll
2012-07-17 01:49 . 2010-05-20 22:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll
2012-07-17 01:49 . 2009-06-10 20:31 123256 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-07-17 01:49 . 2009-06-10 20:31 1165664 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-07-17 01:49 . 2009-06-10 20:30 8016 ----a-w- c:\windows\system32\icardres.dll
2012-07-17 01:49 . 2009-06-10 20:30 170328 ----a-w- c:\windows\system32\infocardapi.dll
2012-07-14 16:28 . 2012-07-14 16:28 -------- d-----w- c:\programdata\Ant.com
2012-07-14 16:28 . 2012-07-14 16:28 -------- d-----w- c:\program files (x86)\Ant.com
2012-07-13 13:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA8F79E-3A98-4AB6-824C-A216A50A4F36}\mpengine.dll
2012-07-12 18:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 18:17 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 18:17 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-12 18:17 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 18:17 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-06 16:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-29 20:48 . 2012-06-29 20:48 -------- d-----w- c:\windows\de
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\en
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\ar
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\bg
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\cs
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\da
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\el
2012-06-29 20:44 . 2012-06-29 20:44 -------- d-----w- c:\windows\es
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\fi
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\fr
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\he
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\hr
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\hu
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\it
2012-06-29 20:43 . 2012-06-29 20:43 -------- d-----w- c:\windows\ko
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\lt
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\lv
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\nl
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\no
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pl
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pt-br
2012-06-29 20:42 . 2012-06-29 20:42 -------- d-----w- c:\windows\pt-pt
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\ro
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\ru
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sk
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sl
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sr-latn-cs
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\sv
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\th
2012-06-29 20:41 . 2012-06-29 20:41 -------- d-----w- c:\windows\tr
2012-06-29 20:40 . 2012-06-29 20:40 -------- d-----w- c:\windows\zh-cn
2012-06-29 20:40 . 2012-06-29 20:40 -------- d-----w- c:\windows\zh-tw
2012-06-29 20:20 . 2012-06-29 20:20 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a240c65d1cd563402\MeshBetaRemover.exe
2012-06-29 20:20 . 2012-06-29 20:20 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\DSETUP.dll
2012-06-29 20:20 . 2012-06-29 20:20 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\DXSETUP.exe
2012-06-29 20:20 . 2012-06-29 20:20 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a1c1f8c51cd563401\dsetup32.dll
2012-06-22 18:20 . 2012-06-22 18:20 -------- d-----w- c:\users\Christian\AppData\Local\Mozilla
2012-06-22 17:52 . 2012-07-05 00:01 -------- d-----w- c:\users\Christian\AppData\Roaming\Imqyt
2012-06-22 17:52 . 2012-07-04 23:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Evyws
2012-06-22 17:52 . 2012-06-22 17:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Ybem
2012-06-22 17:20 . 2012-06-22 17:20 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira
2012-06-22 17:13 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-22 17:13 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-22 17:13 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-22 17:13 . 2012-06-22 17:14 -------- d-----w- c:\programdata\Avira
2012-06-22 17:13 . 2012-06-22 17:13 -------- d-----w- c:\program files (x86)\Avira
2012-06-22 16:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-22 16:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-22 16:23 . 2012-06-22 16:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-22 16:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 16:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 16:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 16:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:15 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:15 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:25 . 2010-04-30 11:56 312488 ----a-r- c:\windows\updater4g.exe
2012-06-21 15:25 . 2010-04-30 11:56 160424 ----a-r- c:\windows\starter4g.exe
2012-06-21 15:25 . 2012-07-09 12:25 -------- d-----w- c:\users\Christian\AppData\Roaming\XSManager
2012-06-21 15:25 . 2012-06-21 17:57 -------- d-----w- c:\program files (x86)\XSManager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:14 . 2012-04-08 21:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 11:14 . 2011-09-17 18:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 15:25 . 2011-11-22 13:14 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2012-06-21 15:25 . 2011-11-22 13:14 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2012-06-21 15:25 . 2011-11-22 13:14 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2012-06-21 15:25 . 2011-11-22 13:14 63648 ----a-w- c:\windows\system32\drivers\smsbda.sys
2012-06-21 15:25 . 2011-11-22 13:14 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2012-06-21 15:25 . 2011-11-22 13:13 117888 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2012-05-04 11:06 . 2012-06-13 13:23 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 13:23 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 13:23 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 13:23 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 13:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 13:29 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 13:29 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 13:29 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-18 11:49 . 2012-05-18 15:07 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-06-21 117888]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-27 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-27 9079808]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-27 299520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the "Scheduled Tasks" folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 11:14]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233034886-2771921467-1450124296-1001Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 15:15]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233034886-2771921467-1450124296-1001UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 15:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"EzPrint"="c:\program files (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - Orphaned registry entries removed - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-17 07:15:44
ComboFix-quarantined-files.txt 2012-07-17 05:15
.
Pre-Run: 6 directories, 167,666,171,904 bytes free
Post-Run: 13 directories, 167,575,261,184 bytes free
.
- - End Of File - - 58EFD207FE8317593758F82055F5D55E
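A log like this is read as a triage pass, not top to bottom. The script below is added here as an example; it is not part of the original post and not ComboFix code. It parses the two sections of the log above that an analyst checks first, the "files created" list and the user's Startup folder, and flags two kinds of entry that are visibly present in this log: directories created directly under AppData\Roaming whose names are not on an allowlist (Imqyt, Evyws and Ybem, all created at 2012-06-22 17:52), and a Startup shortcut named after a Windows binary (ctfmon.lnk) that actually launches rundll32.exe. The allowlist and the list of loader binaries are assumptions to be tuned per site, and the sample log embedded in the script is a constructed excerpt of the lines above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied in shape from the ComboFix log above
# (the "files created" section and the user's Startup folder), nothing more.
SAMPLE_LOG = r"""
2012-06-22 18:20 . 2012-06-22 18:20 -------- d-----w- c:\users\Christian\AppData\Local\Mozilla
2012-06-22 17:52 . 2012-07-05 00:01 -------- d-----w- c:\users\Christian\AppData\Roaming\Imqyt
2012-06-22 17:52 . 2012-07-04 23:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Evyws
2012-06-22 17:52 . 2012-06-22 17:52 -------- d-----w- c:\users\Christian\AppData\Roaming\Ybem
2012-06-22 17:20 . 2012-06-22 17:20 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira
2012-06-22 17:13 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
"""

# One line of the "files created" / Find3M sections:
#   <created> . <modified> <size or dashes> <attributes> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# The Startup-folder block: a path ending in "\Startup\" followed by
# "<name>.lnk - <target> [...]" lines.
STARTUP_DIR = re.compile(r"\\Startup\\$", re.IGNORECASE)
LNK_LINE = re.compile(r"^(?P<lnk>\S+\.lnk) - (?P<target>.+?) \[", re.IGNORECASE)
# A directory sitting directly under <profile>\AppData\Roaming (not deeper).
ROAMING_DIR = re.compile(r"\\AppData\\Roaming\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Assumed allowlist of Roaming folder names; an analyst maintains this per site.
KNOWN_ROAMING = {"microsoft", "mozilla", "adobe", "avira", "skype", "macromedia", "google"}
# Windows binaries that load and run code handed to them on the command line; a
# Startup shortcut pointing at one of them deserves a look at its arguments.
LOADER_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def parse(log):
    """Split a ComboFix log into file entries and Startup-folder shortcuts."""
    files, startup, in_startup = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            in_startup = False
            files.append({**m.groupdict(), "is_dir": m["attrs"].startswith("d")})
            continue
        if STARTUP_DIR.search(line):
            in_startup = True
            continue
        if in_startup:
            lm = LNK_LINE.match(line)
            if lm:
                startup.append({"lnk": lm["lnk"], "target": lm["target"].strip()})
            else:
                in_startup = False  # the block ends at the first non-.lnk line
    return files, startup


def triage(log):
    """Return (item, reason) findings from two heuristics over the parsed log."""
    files, startup = parse(log)
    findings = []

    # 1. Unknown directories directly under AppData\Roaming, grouped by creation
    #    minute: several unknown folders born together is a stronger signal than one.
    by_minute = defaultdict(list)
    for f in files:
        m = ROAMING_DIR.search(f["path"])
        if f["is_dir"] and m and m["name"].lower() not in KNOWN_ROAMING:
            by_minute[f["created"]].append(f["path"])
    for created, paths in by_minute.items():
        for path in paths:
            findings.append((path, f"unknown Roaming dir created {created} "
                                   f"({len(paths)} in that minute)"))

    # 2. Startup shortcuts that launch a code loader, or whose name borrows a
    #    Windows binary's name while pointing at a different executable.
    for s in startup:
        target_exe = s["target"].rsplit("\\", 1)[-1].lower()
        lnk_base = s["lnk"][:-4].lower()  # drop ".lnk"
        if target_exe in LOADER_BINARIES:
            findings.append((s["lnk"], f"Startup shortcut launches {target_exe}"))
        elif target_exe != lnk_base + ".exe":
            findings.append((s["lnk"], f"Startup shortcut name does not match target {target_exe}"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Run against the full log above, the Roaming heuristic would also flag XSManager, created on 2012-06-21 15:25 together with the 4G-stick files, which is why the allowlist is the analyst's responsibility rather than a fixed constant. A finding is a pointer to what to examine next (the shortcut's rundll32 arguments, the contents of the flagged folders), not a verdict, so the script reports reasons and deletes nothing.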

 
