Trojaner-Board - BKA Virus Blockiert Rechner und verlangt freischaltung via 100 Euro U-Kash

Combofix Logfile:
Code:
ComboFix 11-08-15.07 - XXXXX 15.08.2011  16:07:11.1.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2481 [GMT 2:00]

ausgeführt von:: c:\users\XXXXX\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\hpeE47C.dll

F:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-07-15 bis 2011-08-15  ))))))))))))))))))))))))))))))

.

.

2011-08-15 14:12 . 2011-08-15 14:14        --------        d-----w-        c:\users\XXXXX\AppData\Local\temp

2011-08-15 14:12 . 2011-08-15 14:12        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2011-08-14 08:56 . 2011-07-13 04:53        8578896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABB61767-4D63-46F3-9992-E3DDDC6D3822}\mpengine.dll

2011-08-13 11:33 . 2011-08-13 11:33        --------        d-----w-        C:\_OTL

2011-08-11 14:07 . 2011-03-08 13:05        601424        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBE68FB2-150E-48CC-9108-984E7D1029B0}\gapaengine.dll

2011-08-10 20:14 . 2011-08-10 20:14        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2011-08-10 15:53 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-08-10 15:53 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-10 15:53 . 2011-06-17 16:16        451072        ----a-w-        c:\windows\system32\winsrv.dll

2011-08-10 15:53 . 2011-07-06 15:49        275456        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 15:53 . 2011-06-17 20:14        1424272        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:53 . 2011-06-17 13:56        40448        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2011-08-10 15:53 . 2011-06-20 08:45        4699536        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-08-07 12:46 . 2011-08-07 12:45        627600        ----a-w-        c:\windows\system32\deployJava1.dll

2011-08-07 10:11 . 2011-07-13 04:53        8578896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-07 07:24 . 2011-08-07 07:24        --------        d-----w-        c:\program files (x86)\Apple Software Update

2011-08-07 06:40 . 2011-08-07 06:40        --------        d-----w-        c:\users\XXXXX\AppData\Roaming\Malwarebytes

2011-08-07 06:40 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-07 06:40 . 2011-08-07 06:40        --------        d-----w-        c:\programdata\Malwarebytes

2011-08-07 06:40 . 2011-08-07 06:40        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-07 06:40 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-07-20 17:12 . 2011-05-23 04:10        --------        d-----w-        c:\program files\teamspeak3-server_win64

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 04:53 . 2011-03-08 13:06        8578896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-27 19:04 . 2011-05-23 14:40        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-02 13:50 . 2011-07-13 14:50        2764288        ----a-w-        c:\windows\system32\win32k.sys

2011-05-21 04:01 . 2011-05-21 04:01        8863336        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2011-05-21 04:01 . 2011-05-21 04:01        7123560        ----a-w-        c:\windows\system32\nvcuda.dll

2011-05-21 04:01 . 2011-05-21 04:01        67176        ----a-w-        c:\windows\system32\OpenCL.dll

2011-05-21 04:01 . 2011-05-21 04:01        6555240        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2011-05-21 04:01 . 2011-05-21 04:01        57960        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-05-21 04:01 . 2011-05-21 04:01        5301352        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2011-05-21 04:01 . 2011-05-21 04:01        2943592        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-05-21 04:01 . 2011-05-21 04:01        2804328        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2011-05-21 04:01 . 2011-05-21 04:01        2335848        ----a-w-        c:\windows\SysWow64\nvapi.dll

2011-05-21 04:01 . 2011-05-21 04:01        22286952        ----a-w-        c:\windows\system32\nvoglv64.dll

2011-05-21 04:01 . 2011-05-21 04:01        2212968        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-05-21 04:01 . 2011-05-21 04:01        2082408        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2011-05-21 04:01 . 2011-05-21 04:01        18583144        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-05-21 04:01 . 2011-05-21 04:01        16456296        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2011-05-21 04:01 . 2011-05-21 04:01        15223912        ----a-w-        c:\windows\system32\nvd3dumx.dll

2011-05-21 04:01 . 2011-05-21 04:01        1496168        ----a-w-        c:\windows\system32\nvdispco6420150.dll

2011-05-21 04:01 . 2011-05-21 04:01        1427048        ----a-w-        c:\windows\system32\nvgenco642090.dll

2011-05-21 04:01 . 2011-05-21 04:01        13206120        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-05-21 04:01 . 2011-05-21 04:01        13011560        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2011-05-21 04:01 . 2011-05-21 04:01        11992680        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2011-05-21 04:01 . 2011-04-07 21:19        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-05-21 04:01 . 2011-04-07 21:19        117864        ----a-w-        c:\windows\system32\nvmctray.dll

2011-05-21 04:01 . 2011-04-07 21:19        1016936        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-05-21 04:01 . 2011-04-07 21:19        739432        ----a-w-        c:\windows\system32\easyupdatusapiu64.dll

2011-05-21 04:01 . 2011-04-07 21:19        6300776        ----a-w-        c:\windows\system32\nvcpl.dll

2011-05-21 04:01 . 2011-04-07 21:18        3040872        ----a-w-        c:\windows\system32\nvsvc64.dll

2011-05-21 04:01 . 2009-05-01 00:46        61544        ----a-w-        c:\windows\system32\nvshext.dll

2011-05-21 04:01 . 2008-05-22 05:34        2644584        ----a-w-        c:\windows\system32\nvapi64.dll

2011-05-18 21:07 . 2011-05-18 21:07        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-05-18 21:07 . 2011-05-18 21:07        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2011-05-18 21:07 . 2011-05-18 21:07        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-18 21:07 . 2011-05-18 21:07        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2011-05-18 21:07 . 2011-05-18 21:07        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2011-05-18 21:07 . 2011-05-18 21:07        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2011-05-18 21:07 . 2011-05-18 21:07        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2011-05-18 21:07 . 2011-05-18 21:07        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll

2011-05-18 21:07 . 2011-05-18 21:07        367104        ----a-w-        c:\windows\SysWow64\html.iec

2011-05-18 21:07 . 2011-05-18 21:07        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2011-05-18 21:07 . 2011-05-18 21:07        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2011-05-18 21:07 . 2011-05-18 21:07        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2011-05-18 21:07 . 2011-05-18 21:07        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2011-05-18 21:07 . 2011-05-18 21:07        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2011-05-18 21:07 . 2011-05-18 21:07        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2011-05-18 21:07 . 2011-05-18 21:07        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2011-05-18 21:07 . 2011-05-18 21:07        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2011-05-18 21:07 . 2011-05-18 21:07        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

2011-05-18 21:07 . 2011-05-18 21:07        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2011-05-18 21:07 . 2011-05-18 21:07        222208        ----a-w-        c:\windows\system32\msls31.dll

2011-05-18 21:07 . 2011-05-18 21:07        12288        ----a-w-        c:\windows\system32\mshta.exe

2011-05-18 21:07 . 2011-05-18 21:07        114176        ----a-w-        c:\windows\system32\admparse.dll

2011-05-18 21:07 . 2011-05-18 21:07        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2011-05-18 21:07 . 2011-05-18 21:07        76800        ----a-w-        c:\windows\system32\tdc.ocx

2011-05-18 21:07 . 2011-05-18 21:07        49664        ----a-w-        c:\windows\system32\imgutil.dll

2011-05-18 21:07 . 2011-05-18 21:07        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2011-05-18 21:07 . 2011-05-18 21:07        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2011-05-18 21:07 . 2011-05-18 21:07        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2011-05-18 21:07 . 2011-05-18 21:07        85504        ----a-w-        c:\windows\system32\iesetup.dll

2011-05-18 21:07 . 2011-05-18 21:07        603648        ----a-w-        c:\windows\system32\vbscript.dll

2011-05-18 21:07 . 2011-05-18 21:07        448512        ----a-w-        c:\windows\system32\html.iec

2011-05-18 21:07 . 2011-05-18 21:07        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2011-05-18 21:07 . 2011-05-18 21:07        165888        ----a-w-        c:\windows\system32\iexpress.exe

2011-05-18 21:07 . 2011-05-18 21:07        160256        ----a-w-        c:\windows\system32\wextract.exe

2011-05-18 21:07 . 2011-05-18 21:07        1492992        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-05-18 21:07 . 2011-05-18 21:07        173056        ----a-w-        c:\windows\system32\ieUnatt.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-11-21 4608]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-10 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:19]

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:19]

.

2011-08-07 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job

- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2008-11-24 14:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-05-20 6296064]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: Interfaces\{1C7F18F4-66FE-49B6-B8D9-1B7B3A01D8C4}: NameServer = 192.168.2.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\g1xbimo4.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.startup.homepage - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3668465672-3178741497-4134219737-1000\Software\SecuROM\License information*]

"datasecu"=hex:6d,6f,8a,ad,6b,7a,4f,3f,74,09,96,a5,17,e5,e8,6c,be,31,1f,d0,ce,

   79,69,49,5a,ee,da,a2,94,67,1c,79,a2,ea,55,bd,a9,bb,15,1f,8d,55,09,c2,87,02,\

"rkeysecu"=hex:9b,fb,7d,02,84,3a,18,6d,d3,de,ba,23,1f,f4,c7,49

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\ASUS\Six Engine\SixEngine.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-08-15  16:19:31 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-08-15 14:19

.

Vor Suchlauf: 10 Verzeichnis(se), 14.717.833.216 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 14.783.586.304 Bytes frei

.

- - End Of File - - 7A03EB00D1DCF06A0F5CBA1E803D5051
--- --- ---