Pests of all kinds and how to fight them: Windows was locked for security reasons (Windows 7)
Windows was locked for security reasons

Hello, I also have the problem that I have the virus/trojan that makes the black screen appear with the demand to pay money. I have already run Combofix and can now use the infected Windows 7 again. But Malwarebytes and Antivir cannot be updated. Error 732 (0,0). I have turned off the firewall and checked the LAN settings (automatically detect settings), but it still does not work. Here is the Combofix log:

Code:
ComboFix 12-03-27.03 - Speed-PC 28.03.2012 17:39:50.3.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2532 [GMT 2:00]
ausgeführt von:: e:\users\Speed-PC\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-28 15:44 . 2012-03-28 15:44 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-03-28 15:33 . 2012-03-28 15:33 -------- d-----w- e:\program files\CCleaner
2012-03-27 23:18 . 2012-03-14 03:27 8669240 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE734C0-4642-4045-BD07-D30281991C34}\mpengine.dll
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:54 38224 ----a-w- e:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\programdata\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:53 22104 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-26 17:16 . 2012-03-26 17:16 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-19 18:29 . 2012-03-19 18:29 592824 ----a-w- e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29 44472 ----a-w- e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30 5504880 ----a-w- e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25 3957616 ----a-w- e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25 3902320 ----a-w- e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27 1031680 ----a-w- e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44 826368 ----a-w- e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47 204800 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46 23552 ----a-w- e:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52 279656 ------w- e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26 86528 ----a-w- e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 63488 ----a-w- e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 367104 ----a-w- e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 1798656 ----a-w- e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 161792 ----a-w- e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 1127424 ----a-w- e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 110592 ----a-w- e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 89088 ----a-w- e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 420864 ----a-w- e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 35840 ----a-w- e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 23552 ----a-w- e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 222208 ----a-w- e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 173056 ----a-w- e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 152064 ----a-w- e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26 150528 ----a-w- e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 142848 ----a-w- e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 1427456 ----a-w- e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 1390080 ----a-w- e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 11776 ----a-w- e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 101888 ----a-w- e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 91648 ----a-w- e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 85504 ----a-w- e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 49664 ----a-w- e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 448512 ----a-w- e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 30720 ----a-w- e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 2308096 ----a-w- e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 1493504 ----a-w- e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 135168 ----a-w- e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 12288 ----a-w- e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 114176 ----a-w- e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 111616 ----a-w- e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 603648 ----a-w- e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 165888 ----a-w- e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 160256 ----a-w- e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04 67584 ----a-w- e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17 419840 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 413696 ----a-w- e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 133632 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17 110592 ----a-w- e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37 414368 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36 335288 ----a-w- e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13 509952 ----a-w- e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13 442880 ----a-w- e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13 515584 ----a-w- e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13 478208 ----a-w- e:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_23.07.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:47 . 2012-03-28 13:46 48886 e:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 13:46 32548 e:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-03 09:29 . 2012-03-28 13:46 14766 e:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3023865418-1405554827-2073565710-1001_UserData.bin
- 2010-03-02 17:32 . 2012-03-23 23:30 16384 e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33 16384 e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33 32768 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 17:32 . 2012-03-23 23:30 32768 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 15:33 16384 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-23 23:30 16384 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-28 13:27 93624 e:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 616032 e:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48 616032 e:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48 654150 e:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 654150 e:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48 106412 e:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 106412 e:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 130022 e:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48 130022 e:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-27 23:05 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 15:45 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-11 23:38 . 2012-03-27 23:05 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-11 23:38 . 2012-03-28 13:42 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-03 14:42 . 2012-03-28 15:45 1659077 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
- 2011-11-03 14:42 . 2012-02-04 00:18 1659077 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
+ 2009-07-14 02:34 . 2012-03-28 14:30 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-26 17:16 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-12 01:11 . 2012-03-28 15:45 17088044 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 17:50:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-28 15:50
ComboFix2.txt 2012-03-28 13:53
ComboFix3.txt 2012-03-27 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 23.087.230.976 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.413.313.536 Bytes frei
.
- - End Of File - - A9AF9F24F596276D2241C7F1DD4E97EA
I would be very glad of some help.