Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr

ploxxyz · 29.06.2013, 20:35

Vielen Dank für die Hilfe und Anleitung!

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-06-28.02 - ubor 29.06.2013  21:32:12.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8173.7491 [GMT 2:00]
ausgeführt von:: H:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dz3ro.bat
c:\programdata\dz3ro.pad
c:\programdata\or3zd.dat
c:\programdata\rundll32.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-29  ))))))))))))))))))))))))))))))
.
.
2013-06-29 19:33 . 2013-06-29 19:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-29 19:21 . 2013-06-29 19:21	--------	d-----w-	C:\FRST
2013-06-29 17:49 . 2013-06-29 17:49	2609	----a-w-	c:\programdata\dz3ro.js
2013-06-29 16:37 . 2013-06-29 16:37	151	----a-w-	c:\programdata\dz3ro.reg
2013-06-22 09:54 . 2013-06-22 09:54	--------	d-----w-	c:\users\ubor\AppData\Roaming\DVDVideoSoft
2013-06-22 09:54 . 2013-06-22 09:54	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-06-16 09:23 . 2013-06-16 09:23	--------	d-----w-	c:\users\ubor\AppData\Local\Diagnostics
2013-06-08 00:37 . 2013-05-12 21:42	925648	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-06-08 00:33 . 2013-06-08 00:33	--------	d-----w-	c:\users\UpdatusUser
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 11:21 . 2013-05-07 11:16	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-13 12:22 . 2013-01-04 08:27	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 23:27 . 2013-01-03 21:32	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 23:27 . 2013-01-03 21:32	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-12 21:42 . 2013-01-08 09:42	27775776	----a-w-	c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2013-01-03 21:33	1059560	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2013-01-03 20:28	12426216	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-05-12 21:42 . 2013-01-03 20:28	2935696	----a-w-	c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2013-01-03 20:28	2597344	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-05-12 20:34 . 2010-10-08 01:22	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2010-10-08 01:21	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2010-10-08 01:20	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2010-10-08 01:20	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2010-10-08 01:20	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2010-10-08 01:20	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-05-08 14:13 . 2013-01-03 21:34	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
2013-04-24 16:53 . 2013-04-24 16:53	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-24 16:53 . 2013-04-24 16:53	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-24 16:53 . 2013-04-24 16:53	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-24 16:53 . 2013-04-24 16:53	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-24 16:53 . 2013-04-24 16:53	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-24 16:53 . 2013-04-24 16:53	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-24 16:53 . 2013-04-24 16:53	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-24 16:53 . 2013-04-24 16:53	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-24 16:53 . 2013-04-24 16:53	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-24 16:53 . 2013-04-24 16:53	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-24 16:53 . 2013-04-24 16:53	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-24 16:53 . 2013-04-24 16:53	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-24 16:53 . 2013-04-24 16:53	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-24 16:53 . 2013-04-24 16:53	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-24 16:53 . 2013-04-24 16:53	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-24 16:53 . 2013-04-24 16:53	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-24 16:53 . 2013-04-24 16:53	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-24 16:53 . 2013-04-24 16:53	441856	----a-w-	c:\windows\system32\html.iec
2013-04-24 16:53 . 2013-04-24 16:53	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-24 16:53 . 2013-04-24 16:53	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-24 16:53 . 2013-04-24 16:53	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-24 16:53 . 2013-04-24 16:53	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-24 16:53 . 2013-04-24 16:53	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-24 16:53 . 2013-04-24 16:53	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-24 16:53 . 2013-04-24 16:53	235008	----a-w-	c:\windows\system32\url.dll
2013-04-24 16:53 . 2013-04-24 16:53	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-24 16:53 . 2013-04-24 16:53	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-24 16:53 . 2013-04-24 16:53	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-24 16:53 . 2013-04-24 16:53	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-24 16:53 . 2013-04-24 16:53	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-24 16:53 . 2013-04-24 16:53	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-24 16:53 . 2013-04-24 16:53	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-24 16:53 . 2013-04-24 16:53	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-24 16:53 . 2013-04-24 16:53	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-24 16:53 . 2013-04-24 16:53	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-24 16:53 . 2013-04-24 16:53	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-24 16:53 . 2013-04-24 16:53	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-24 16:53 . 2013-04-24 16:53	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-24 16:53 . 2013-04-24 16:53	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-24 16:53 . 2013-04-24 16:53	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-24 16:53 . 2013-04-24 16:53	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-24 16:53 . 2013-04-24 16:53	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-24 16:53 . 2013-04-24 16:53	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-24 16:53 . 2013-04-24 16:53	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-24 16:53 . 2013-04-24 16:53	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-24 16:53 . 2013-04-24 16:53	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-24 16:53 . 2013-04-24 16:53	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-24 16:53 . 2013-04-24 16:53	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-24 16:53 . 2013-04-24 16:53	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-24 16:53 . 2013-04-24 16:53	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-24 16:53 . 2013-04-24 16:53	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-24 16:53 . 2013-04-24 16:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-24 16:53 . 2013-04-24 16:53	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-24 16:53 . 2013-04-24 16:53	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-24 16:53 . 2013-04-24 16:53	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-24 16:53 . 2013-04-24 16:53	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-24 16:53 . 2013-04-24 16:53	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-24 16:53 . 2013-04-24 16:53	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-24 16:53 . 2013-04-24 16:53	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-24 16:53 . 2013-04-24 16:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-24 16:53 . 2013-04-24 16:53	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-24 16:53 . 2013-04-24 16:53	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-24 16:53 . 2013-04-24 16:53	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-24 16:53 . 2013-04-24 16:53	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-24 16:53 . 2013-04-24 16:53	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-24 16:53 . 2013-04-24 16:53	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-24 16:53 . 2013-04-24 16:53	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-24 16:53 . 2013-04-24 16:53	221184	----a-w-	c:\windows\system32\UIAnimation.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-02-15 19:59	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-09-02 2158592]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"Yontoo Desktop"="c:\users\ubor\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-02-15 42784]
"DAEMON Tools Lite"="f:\programme\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"Logitech G35"="c:\program files\Logitech Gaming Software\Logitech\G35\G35.exe" [2010-10-05 1811800]
.
c:\users\ubor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe c:\progra~3\or3zd.dat,FG00 [2009-7-14 45568]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 23:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Planescape - Torment - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-29  21:34:48
ComboFix-quarantined-files.txt  2013-06-29 19:34
.
Vor Suchlauf: 11 Verzeichnis(se), 42.698.723.328 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 42.798.116.864 Bytes frei
.
- - End Of File - - 83D028E7847AF606F25247A49F41F497
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr

Plagegeister aller Art und deren Bekämpfung: Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr

Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr

Ähnliche Themen: Polizei-Startseite DZ3RO.JS Virus - fast nichts geht mehr