Log analysis and evaluation: Error message at startup: "Bitte warten Sie während die Verbindung hergestellt wird" ("Please wait while the connection is being established"). Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#18

Error message at startup: "Bitte warten Sie während die Verbindung hergestellt wird".

Step 1, log file

Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does

Program started at: 04/23/2012 06:50:52 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 191032 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 20515 files processed.

The C:\Users\CATHER~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default Start Menu shortcuts:
Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* HideIcons was set to 1! It was set back to 0!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/23/2012 06:53:25 PM
Execution time: 0 hours(s), 2 minute(s), and 33 seconds(s)

Step 2 does not work. I have no desktop icons. When I drag SFScript.txt onto combofix.exe in Explorer, the following error message appears:

C:\Users\Catherine\Desktop\Combofix.exe
Illegal operation attempted on a registry key that has been marked for deletion.

The same message also appears when I try to open IE from the taskbar at the bottom (here I again opened IE via Start - Programs - right-click - start as administrator).

I accidentally ran combofix.exe, but I cannot find the log file. Question: are these emulators still switched off?

I have found the combofix.txt log:

Combofix logfile:
Code:
ComboFix 12-04-23.02 - Catherine 23.04.2012 20:05:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1033.18.3957.2610 [GMT 2:00]
ausgeführt von:: c:\users\Catherine\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-23 bis 2012-04-23 ))))))))))))))))))))))))))))))
.
.
2012-04-23 18:09 . 2012-04-23 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-22 09:36 . 2012-04-22 09:36 -------- d-----w- c:\program files (x86)\ESET
2012-04-21 18:29 . 2012-04-21 18:29 -------- d-----w- c:\users\Catherine\AppData\Roaming\Malwarebytes
2012-04-21 18:29 . 2012-04-21 18:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-21 18:29 . 2012-04-21 18:29 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 18:29 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 18:38 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C092036C-6F8E-4933-A066-382BC9CAFBAF}\mpengine.dll
2012-04-19 18:16 . 2012-04-19 18:34 -------- d-----w- c:\programdata\B7E8586B006A51DD033B2F1DB4EB2367
2012-04-16 07:01 . 2012-04-16 08:13 -------- d-----w- C:\FRST
2012-04-12 18:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 18:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 18:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 18:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 18:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 18:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 18:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- c:\users\Catherine\AppData\Roaming\Information Factory
2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- c:\users\Catherine\AppData\Local\Information Factory
2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- c:\program files (x86)\eTax.zug2011nP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-19 19:41 . 2011-12-08 18:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 02:03 . 2012-03-09 02:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 02:03 . 2012-03-09 02:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 02:03 . 2012-03-09 02:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-09 02:03 . 2012-03-09 02:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-09 02:03 . 2012-03-09 02:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-09 02:03 . 2012-03-09 02:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-09 02:03 . 2012-03-09 02:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-09 02:03 . 2012-03-09 02:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-09 02:03 . 2012-03-09 02:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-09 02:03 . 2012-03-09 02:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-09 02:03 . 2012-03-09 02:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-09 02:03 . 2012-03-09 02:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-09 02:03 . 2012-03-09 02:03 448512 ----a-w- c:\windows\system32\html.iec
2012-03-09 02:03 . 2012-03-09 02:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-09 02:03 . 2012-03-09 02:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-09 02:03 . 2012-03-09 02:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-09 02:03 . 2012-03-09 02:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-09 02:03 . 2012-03-09 02:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-09 02:03 . 2012-03-09 02:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-09 02:03 . 2012-03-09 02:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-09 02:03 . 2012-03-09 02:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-09 02:03 . 2012-03-09 02:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-09 02:03 . 2012-03-09 02:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-09 02:03 . 2012-03-09 02:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-09 02:03 . 2012-03-09 02:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-09 02:03 . 2012-03-09 02:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-09 02:03 . 2012-03-09 02:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-09 02:03 . 2012-03-09 02:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-09 02:03 . 2012-03-09 02:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-09 02:03 . 2012-03-09 02:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-09 02:03 . 2012-03-09 02:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-09 02:03 . 2012-03-09 02:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-09 02:03 . 2012-03-09 02:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-09 02:03 . 2012-03-09 02:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2010-06-19 07:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 08:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 08:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 08:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 08:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 08:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 08:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 08:35 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 08:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 08:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 08:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-20_18.32.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-20 18:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-23 18:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-20 18:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-23 18:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 18:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-23 18:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-21 18:44 28964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-17 18:01 . 2012-04-20 19:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-17 18:01 . 2012-04-19 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-17 18:01 . 2012-04-20 19:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-17 18:01 . 2012-04-19 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 19:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-23 16:49 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-05-17 19:10 . 2012-04-21 18:44 9762 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2322101068-2709546269-100987538-1001_UserData.bin
+ 2012-04-23 18:10 . 2012-04-23 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 18:32 . 2012-04-20 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-23 18:10 . 2012-04-23 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-20 18:32 . 2012-04-20 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 19:44 . 2012-04-23 16:38 223830 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-21 08:56 . 2012-04-22 09:28 282280 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-23 16:40 607190 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-20 18:25 607190 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-23 16:40 103568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-20 18:25 103568 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-23 18:09 307532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-20 18:31 307532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-23 18:09 . 2012-04-23 18:09 604300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2322101068-2709546269-100987538-1001-12288.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50 2517088 ----a-w- c:\program files (x86)\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Catherine\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-22 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-03 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2322101068-2709546269-100987538-1001Core.job
- c:\users\Catherine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-22 10:18]
.
2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2322101068-2709546269-100987538-1001UA.job
- c:\users\Catherine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-22 10:18]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 14:16]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 14:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 1123320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://tagesanzeiger.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-23 20:16:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-23 18:16
ComboFix2.txt 2012-04-20 18:37
.
Vor Suchlauf: 9'553'887'232 bytes free
Nach Suchlauf: 9'379'782'656 bytes free
.
- - End Of File - - 07C43BBEB88E4C799E05F413DB385D14