Pests of all kinds and how to fight them: Black screen: ATTENTION! For security reasons your Windows system has been blocked. Windows 7
#1
/// Malware-holic

Hi, thanks. But please browse only the sites I have named until we are finished.

Combofix may only be run when a team member has instructed you to do so!

Please download Combofix.exe and make sure to save it to your desktop.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#2
Combofix logfile:
Code:
ATTFilter ComboFix 12-02-09.04 - McBong 09.02.2012 18:21:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.917 [GMT 1:00] ausgeführt von:: c:\users\McBong\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\drv\Tuner\Yuan\Resources\_desktop.ini C:\polaroidexe c:\polaroidexe\config.bin c:\program files\Automated Content Enhancer c:\program files\Automated Content Enhancer\4.1.0.5290\ACECommon.dll c:\program files\Automated Content Enhancer\4.1.0.5290\Data\config.md c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js c:\program files\Automated Content Enhancer\4.1.0.5290\FF\install.rdf c:\program files\Automated Content Enhancer\4.1.0.5290\unins000.dat c:\program files\Content Management Wizard c:\program files\Content Management Wizard\1.1.0.1990\cmwsh.dll c:\program files\Content Management Wizard\1.1.0.1990\config.mx c:\program files\Content Management Wizard\1.1.0.1990\data.mx c:\program files\Content Management Wizard\1.1.0.1990\exclude.mx c:\program files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 c:\program files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx c:\program files\Content Management Wizard\1.1.0.1990\unins000.dat c:\program files\Content Management Wizard\1.1.0.1990\unins000.exe c:\program files\Customized Platform 
Advancer c:\program files\Customized Platform Advancer\4.1.0.1960\CPACommon.dll c:\program files\Customized Platform Advancer\4.1.0.1960\Data\config.md c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js c:\program files\Customized Platform Advancer\4.1.0.1960\FF\install.rdf c:\program files\Customized Platform Advancer\4.1.0.1960\unins000.dat c:\program files\Internet Today c:\program files\Internet Today\1.1.0.1260\InternetToday.ico c:\program files\Internet Today\1.1.0.1260\InternetToday.skf c:\program files\Internet Today\1.1.0.1260\mfc80.dll c:\program files\Internet Today\1.1.0.1260\Microsoft.VC80.CRT.manifest c:\program files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest c:\program files\Internet Today\1.1.0.1260\msvcr80.dll c:\program files\Internet Today\1.1.0.1260\SkinCrafterDll.dll c:\program files\Internet Today\1.1.0.1260\unins000.dat c:\program files\Internet Today\1.1.0.1260\unins000.exe c:\program files\QuestService c:\program files\QuestService\uninstall.exe c:\program files\Textual Content Provider c:\program files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx c:\program files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx c:\program files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx c:\program files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx c:\program files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx c:\program files\Textual Content 
Provider\1.1.0.1810\data\TP_KeywordInterval.mx c:\program files\Textual Content Provider\1.1.0.1810\TCPIe.dll c:\program files\Textual Content Provider\1.1.0.1810\unins000.dat c:\program files\Textual Content Provider\1.1.0.1810\unins000.exe c:\program files\Web Search Operator c:\program files\Web Search Operator\4.1.0.2080\Data\config.md c:\program files\Web Search Operator\4.1.0.2080\FF\chrome.manifest c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar c:\program files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt c:\program files\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js c:\program files\Web Search Operator\4.1.0.2080\FF\install.rdf c:\program files\Web Search Operator\4.1.0.2080\unins000.dat c:\program files\Web Search Operator\4.1.0.2080\unins000.exe c:\program files\Web Search Operator\4.1.0.2080\WSOCommon.dll c:\programdata\QuestService c:\users\McBong\AppData\Local\Internet Today c:\users\McBong\AppData\Local\Textual Content Provider c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_Config.mx c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_Data.mx c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_DomainExcludeList.mx c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_DomainInterval.mx c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_KeywordInterval.mx c:\users\McBong\AppData\Roaming\805A.90A c:\users\McBong\AppData\Roaming\AcroIEHelpe.txt c:\users\McBong\AppData\Roaming\srvblck2.tmp c:\windows\bwUnin-8.1.1.50-8876480SL.exe c:\windows\system32\Nagasoft c:\windows\system32\Nagasoft\Codecs\asyncflt.ax c:\windows\system32\Nagasoft\Codecs\atrc.dll c:\windows\system32\Nagasoft\Codecs\cook.dll 
c:\windows\system32\Nagasoft\Codecs\drvc.dll c:\windows\system32\Nagasoft\Codecs\raac.dll c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll c:\windows\system32\Nagasoft\GifShower.dll c:\windows\system32\Nagasoft\vjocx.dll c:\windows\system32\uninstall.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vvdsvc -------\Service_QuestService Service -------\Service_vvdsvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 )))))))))))))))))))))))))))))) . . 2012-02-09 17:36 . 2012-02-09 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-09 16:31 . 2012-02-09 16:41 -------- d-----w- C:\_OTL 2012-02-08 08:16 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5D32732-4DC4-4CE0-A2AD-AA1C2D9480B1}\mpengine.dll 2012-01-11 10:56 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-11 10:56 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-11 10:56 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-11 10:56 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-11 10:56 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-11 10:56 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-11 09:20 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 09:20 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 09:20 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 09:20 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 09:20 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 09:20 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-11 09:19 . 
2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 09:19 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-26 23:21 . 2009-10-05 15:39 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-11-23 13:37 . 2011-12-14 08:12 2043904 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\steam\Steam.exe" [2011-08-04 1242448] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-07 102400] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-05 266497] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Patience"="c:\windows\Patience.exe" [2010-03-23 332800] "stsvc"="c:\windows\stsvc.exe" [2010-03-23 5120] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736] . 
c:\users\McBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Miranda Fusion.lnk - c:\program files\MirandaFusion\miranda32.exe [2008-4-6 552021] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-14 535336] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-14 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-14 692224] VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-27 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2944183903-2455385367-4239640993-1000] "EnableNotificationsRef"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FSUSBEXDISK *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr vvdsvc REG_MULTI_SZ vvdsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyServer = 78.49.66.2.:80 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com IE: Free YouTube to Mp3 Converter - c:\users\McBong\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: everestpoker.com\account TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BE6B6425-C3F3-4BAA-9ADA-265205FA243A}: NameServer = 213.191.92.86 62.109.123.7 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\users\McBong\AppData\Roaming\Mozilla\Firefox\Profiles\e9u709uq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: QuestService: {AAF6454A-4000-4015-84C1-6CD844C06B19} - c:\program files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{8AB43529-97E6-4FB7-9A60-1DD00B0D475B} - c:\windows\system32\MSVjdCtl.dll BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-VideoBarApp - c:\program files\Gameztar Toolbar\2.1.3.6670\mvbapp.exe HKCU-Run-Canaveral - c:\windows\system32\sshnas21.dll HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe HKLM-Run-ICQ Lite - c:\program files\ICQLite\ICQLite.exe HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-Internet Today Task - c:\program files\Internet Today\1.1.0.1260\InternetToday.exe HKLM-Run-NPSStartup - (no file) AddRemove-bwin Poker_is1 - c:\bwinpoker\unins000.exe AddRemove-CitiesOnline - c:\program files\Cities Online\uninstall.exe AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\10.0.648.204\Installer\setup.exe AddRemove-QuestService - c:\program files\QuestService\uninstall.exe AddRemove-R for Windows 2.9.2_is1 - c:\program files\R\R-2.9.2\unins000.exe 
AddRemove-Rasche`s Doppelkopf 2.0 & 3.3 - c:\program files\Rasche`s Doppelkopf 2.0 & 3.3\Uninstal.exe AddRemove-Tinn-R_is1 - c:\tinn-r\unins000.exe AddRemove-TripleAVersion1_1_1_0 - c:\program files\TripleA\TripleA_1_1_1_0\uninstaller.exe AddRemove-Urlaubsparadies Tycoon 2011_is1 - c:\program files\Urlaubsparadies Tycoon 2011\unins000.exe AddRemove-UseNeXT_is1 - c:\program files\UseNeXT\unins000.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2944183903-2455385367-4239640993-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:5d,fd,c9,07,84,fc,b1,d1,b5,8a,93,27,ce,07,f8,11,c8,c3,58,21,af,d8,da, cf,5f,5d,17,d9,54,0b,c9,a2,7a,35,78,3b,7c,5e,59,6a,4f,5b,9b,ab,6f,d2,5c,20,\ "??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18 . [HKEY_USERS\S-1-5-21-2944183903-2455385367-4239640993-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:fb,42,99,15,ea,3c,65,72,30,54,b2,a6,88,08,d5,69,d5,c6,7e,4e,a7, d9,09,f0,ba,94,f3,03,56,7b,34,2c,b3,c4,93,4c,2b,1c,9c,68,c9,78,33,35,a6,26,\ "rkeysecu"=hex:62,41,a2,75,43,76,bc,39,04,53,05,01,01,95,d3,1b . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4356) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\conime.exe c:\acer\ALaunch\ALaunchSvc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft\BingBar\BBSvc.EXE c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\windows\RtHDVCpl.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\windows\system32\FsUsbExService.Exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\windows\runservice.exe c:\program files\Launch Manager\LManager.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\windows\system32\PnkBstrA.exe c:\users\McBong\AppData\Local\Temp\RtkBtMnt.exe c:\program files\Apoint2K\Apntex.exe c:\windows\ehome\ehmsas.exe c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Java\jre6\bin\jucheck.exe c:\program files\Mozilla Firefox\firefox.exe c:\program files\Mozilla Firefox\plugin-container.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-02-09 18:48:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-09 17:46
.
Vor Suchlauf: 16 Verzeichnis(se), 16.659.529.728 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 16.004.288.512 Bytes frei
.
- - End Of File - - 5E39B83FE0FA54F9206F8B523BBDFDC4