Trojaner-Board - Bundestrojaner

Jetzt die Combofix.txt

Combofix Logfile:

Code:

ComboFix 13-05-16.02 - Paul 17.05.2013  21:40:24.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6430 [GMT 2:00]

ausgeführt von:: c:\users\Netz\Desktop\ComboFix.exe

AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Im Speicher befindliches AV aktiv.

.

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\users\Netz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk

c:\users\Netz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk

c:\users\Paul\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk

c:\users\Paul\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))

.

.

2013-05-17 19:49 . 2013-05-17 19:49        --------        d-----w-        c:\users\Paul\AppData\Local\temp

2013-05-17 19:49 . 2013-05-17 19:49        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-16 15:42 . 2013-05-16 15:42        --------        d-----w-        c:\program files (x86)\Common Files\Java

2013-05-16 15:41 . 2013-05-16 15:41        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-16 15:37 . 2013-05-16 15:37        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2013-05-15 15:12 . 2013-05-15 15:12        --------        d-----w-        c:\programdata\DeviceVm

2013-05-15 15:09 . 2013-05-15 15:10        99        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-05-14 19:24 . 2013-05-14 19:24        --------        d-----w-        C:\_OTL

2013-05-13 13:42 . 2013-05-13 14:02        --------        d-----w-        c:\programdata\HitmanPro

2013-05-12 15:28 . 2013-05-12 15:28        --------        d-----w-        c:\users\Paul\AppData\Roaming\Malwarebytes

2013-05-12 15:28 . 2013-05-12 15:28        --------        d-----w-        c:\programdata\Malwarebytes

2013-05-12 15:27 . 2013-05-12 15:27        --------        d-----w-        c:\users\Paul\AppData\Local\Programs

2013-05-12 11:51 . 2013-05-12 11:51        --------        d-----w-        c:\users\Netz

2013-05-08 19:59 . 2013-05-08 19:59        --------        d-----w-        c:\users\Paul\AppData\Local\Arktos

2013-05-08 19:59 . 2013-05-08 19:59        --------        d-----w-        c:\users\Paul\AppData\Local\CrashRpt

2013-05-08 19:57 . 2010-02-04 08:01        24920        ----a-w-        c:\windows\system32\X3DAudio1_7.dll

2013-05-08 19:20 . 2013-05-09 18:59        --------        d-----w-        c:\program files (x86)\Common Files\Steam

2013-05-08 19:20 . 2013-05-12 10:50        --------        d-----w-        c:\program files (x86)\Steam

2013-04-26 15:54 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 15:41 . 2012-05-22 17:19        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-05-16 15:41 . 2012-05-22 17:19        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-05-14 19:37 . 2012-05-21 15:05        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 19:37 . 2012-05-21 15:05        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-09 19:14 . 2011-09-24 18:48        72702784        ----a-w-        c:\windows\system32\MRT.exe

2013-04-07 08:54 . 2012-09-01 21:14        1455408        ----a-w-        c:\windows\system32\dmwu.exe

2013-04-07 08:53 . 2012-09-01 21:14        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll

2013-04-03 19:33 . 2013-01-26 16:32        963488        ----a-w-        c:\windows\system32\deployJava1.dll

2013-04-03 19:33 . 2013-01-26 16:32        1085344        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-03-19 06:04 . 2013-04-09 19:08        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 19:08        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 19:08        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 19:08        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 19:08        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 19:08        112640        ----a-w-        c:\windows\system32\smss.exe

2013-03-01 03:36 . 2013-04-09 19:08        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-02-22 06:57 . 2013-04-09 19:13        17817088        ----a-w-        c:\windows\system32\mshtml.dll

2013-02-22 06:29 . 2013-04-09 19:13        10925568        ----a-w-        c:\windows\system32\ieframe.dll

2013-02-22 06:27 . 2013-04-09 19:13        2312704        ----a-w-        c:\windows\system32\jscript9.dll

2013-02-22 06:21 . 2013-04-09 19:13        1346560        ----a-w-        c:\windows\system32\urlmon.dll

2013-02-22 06:20 . 2013-04-09 19:13        1392128        ----a-w-        c:\windows\system32\wininet.dll

2013-02-22 06:19 . 2013-04-09 19:13        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-02-22 06:18 . 2013-04-09 19:13        237056        ----a-w-        c:\windows\system32\url.dll

2013-02-22 06:17 . 2013-04-09 19:13        85504        ----a-w-        c:\windows\system32\jsproxy.dll

2013-02-22 06:15 . 2013-04-09 19:13        173056        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-02-22 06:15 . 2013-04-09 19:13        599040        ----a-w-        c:\windows\system32\vbscript.dll

2013-02-22 06:15 . 2013-04-09 19:13        816640        ----a-w-        c:\windows\system32\jscript.dll

2013-02-22 06:14 . 2013-04-09 19:13        729088        ----a-w-        c:\windows\system32\msfeeds.dll

2013-02-22 06:13 . 2013-04-09 19:13        2147840        ----a-w-        c:\windows\system32\iertutil.dll

2013-02-22 06:13 . 2013-04-09 19:13        96768        ----a-w-        c:\windows\system32\mshtmled.dll

2013-02-22 06:12 . 2013-04-09 19:13        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2013-02-22 06:09 . 2013-04-09 19:13        248320        ----a-w-        c:\windows\system32\ieui.dll

2013-02-22 03:46 . 2013-04-09 19:13        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll

2013-02-22 03:38 . 2013-04-09 19:13        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-02-22 03:37 . 2013-04-09 19:13        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-02-22 03:34 . 2013-04-09 19:13        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-02-22 03:34 . 2013-04-09 19:13        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-02-22 03:31 . 2013-04-09 19:13        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2013-02-19 12:59 . 2012-05-21 14:59        70112        ----a-w-        c:\windows\system32\drivers\cfwids.sys

2013-02-19 12:56 . 2012-05-21 14:59        340216        ----a-w-        c:\windows\system32\drivers\mfewfpk.sys

2013-02-19 12:56 . 2012-05-21 14:53        182752        ----a-w-        c:\windows\system32\mfevtps.exe

2013-02-19 12:55 . 2012-05-21 15:00        10728        ----a-w-        c:\windows\system32\drivers\mfeclnk.sys

2013-02-19 12:55 . 2012-05-21 14:59        106552        ----a-w-        c:\windows\system32\drivers\mferkdet.sys

2013-02-19 12:54 . 2012-02-22 11:29        771536        ----a-w-        c:\windows\system32\drivers\mfehidk.sys

2013-02-19 12:53 . 2012-05-21 14:59        515968        ----a-w-        c:\windows\system32\drivers\mfefirek.sys

2013-02-19 12:53 . 2012-05-21 14:59        309840        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys

2013-02-19 12:52 . 2012-02-22 11:29        179280        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-25 239488]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-07 393216]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

maxdome Download Manager.lnk - c:\program files (x86)\maxdome\DCBin\DCTrayApp.exe [2009-5-1 88808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]

S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe [2009-05-01 77032]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]

S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2009-07-23 96768]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 19:37]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 16:17]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 16:17]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515978161-3659540630-241544126-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 15:07]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515978161-3659540630-241544126-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 15:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-21 296960]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearchAssistant = hxxp://www.google.com

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-OSM Map of Germany - c:\garmin\Maps\OSM Map of Germany\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]

"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-05-17  22:00:25

ComboFix-quarantined-files.txt  2013-05-17 20:00

.

Vor Suchlauf: 14 Verzeichnis(se), 543.267.692.544 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 543.281.856.512 Bytes frei

.

- - End Of File - - C1D75AA9E5A1345F46E147771586962A

--- --- ---

So, ComboFix ist durchgelaufen

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 13-05-18.04 - Paul 20.05.2013  10:04:17.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6504 [GMT 2:00]

ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Paul\Desktop\CFScript.txt

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-20 bis 2013-05-20  ))))))))))))))))))))))))))))))

.

.

2013-05-20 08:13 . 2013-05-20 08:13        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-19 15:49 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll

2013-05-19 15:49 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2013-05-19 15:49 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2013-05-19 15:46 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll

2013-05-17 20:00 . 2013-05-20 08:13        --------        d-----w-        c:\users\Paul\AppData\Local\temp

2013-05-16 15:42 . 2013-05-16 15:42        --------        d-----w-        c:\program files (x86)\Common Files\Java

2013-05-16 15:41 . 2013-05-16 15:41        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-16 15:37 . 2013-05-16 15:37        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2013-05-15 15:12 . 2013-05-15 15:12        --------        d-----w-        c:\programdata\DeviceVm

2013-05-15 15:09 . 2013-05-15 15:10        99        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-05-14 19:24 . 2013-05-14 19:24        --------        d-----w-        C:\_OTL

2013-05-13 13:42 . 2013-05-13 14:02        --------        d-----w-        c:\programdata\HitmanPro

2013-05-12 15:28 . 2013-05-12 15:28        --------        d-----w-        c:\users\Paul\AppData\Roaming\Malwarebytes

2013-05-12 15:28 . 2013-05-12 15:28        --------        d-----w-        c:\programdata\Malwarebytes

2013-05-12 15:27 . 2013-05-12 15:27        --------        d-----w-        c:\users\Paul\AppData\Local\Programs

2013-05-12 11:51 . 2013-05-12 11:51        --------        d-----w-        c:\users\Netz

2013-05-08 19:59 . 2013-05-08 19:59        --------        d-----w-        c:\users\Paul\AppData\Local\Arktos

2013-05-08 19:59 . 2013-05-08 19:59        --------        d-----w-        c:\users\Paul\AppData\Local\CrashRpt

2013-05-08 19:57 . 2010-02-04 08:01        24920        ----a-w-        c:\windows\system32\X3DAudio1_7.dll

2013-05-08 19:20 . 2013-05-09 18:59        --------        d-----w-        c:\program files (x86)\Common Files\Steam

2013-05-08 19:20 . 2013-05-20 07:55        --------        d-----w-        c:\program files (x86)\Steam

2013-04-26 15:54 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-19 15:53 . 2011-09-24 18:48        75016696        ----a-w-        c:\windows\system32\MRT.exe

2013-05-16 15:41 . 2012-05-22 17:19        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-05-16 15:41 . 2012-05-22 17:19        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-05-14 19:37 . 2012-05-21 15:05        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 19:37 . 2012-05-21 15:05        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49 . 2013-05-19 15:46        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-19 15:46        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-19 15:46        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-19 15:46        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-19 15:46        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-19 15:46        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-04-07 08:54 . 2012-09-01 21:14        1455408        ----a-w-        c:\windows\system32\dmwu.exe

2013-04-07 08:53 . 2012-09-01 21:14        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll

2013-04-03 19:33 . 2013-01-26 16:32        963488        ----a-w-        c:\windows\system32\deployJava1.dll

2013-04-03 19:33 . 2013-01-26 16:32        1085344        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-03-19 06:04 . 2013-04-09 19:08        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 19:08        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 19:08        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 19:08        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 19:08        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 19:08        112640        ----a-w-        c:\windows\system32\smss.exe

2013-02-19 12:59 . 2012-05-21 14:59        70112        ----a-w-        c:\windows\system32\drivers\cfwids.sys

2013-02-19 12:56 . 2012-05-21 14:59        340216        ----a-w-        c:\windows\system32\drivers\mfewfpk.sys

2013-02-19 12:56 . 2012-05-21 14:53        182752        ----a-w-        c:\windows\system32\mfevtps.exe

2013-02-19 12:55 . 2012-05-21 15:00        10728        ----a-w-        c:\windows\system32\drivers\mfeclnk.sys

2013-02-19 12:55 . 2012-05-21 14:59        106552        ----a-w-        c:\windows\system32\drivers\mferkdet.sys

2013-02-19 12:54 . 2012-02-22 11:29        771536        ----a-w-        c:\windows\system32\drivers\mfehidk.sys

2013-02-19 12:53 . 2012-05-21 14:59        515968        ----a-w-        c:\windows\system32\drivers\mfefirek.sys

2013-02-19 12:53 . 2012-05-21 14:59        309840        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys

2013-02-19 12:52 . 2012-02-22 11:29        179280        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2011-04-25 239488]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-07 393216]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

maxdome Download Manager.lnk - c:\program files (x86)\maxdome\DCBin\DCTrayApp.exe [2009-5-1 88808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]

S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe [2009-05-01 77032]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]

S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2009-07-23 96768]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 19:37]

.

2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 16:17]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 16:17]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515978161-3659540630-241544126-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 15:07]

.

2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515978161-3659540630-241544126-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 15:07]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearchAssistant = hxxp://www.google.com

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-OSM Map of Germany - c:\garmin\Maps\OSM Map of Germany\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]

"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-05-20  10:25:51

ComboFix-quarantined-files.txt  2013-05-20 08:25

ComboFix2.txt  2013-05-17 20:00

.

Vor Suchlauf: 20 Verzeichnis(se), 550.768.607.232 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 550.477.692.928 Bytes frei

.

- - End Of File - - 00DA672D170D261C380BA42DC745BA8D

 
--- --- ---