Pests of all kinds and how to combat them: BUNDESPOLIZEI / Your computer has been locked (Windows 7)
BUNDESPOLIZEI / Your computer has been locked

Hello Arne, I installed ComboFix and ran it. Here is the content of the log file:

Combofix Logfile:
ATTFilter ComboFix 12-07-05.01 - K&S 05.07.2012 7:43.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4026.2679 [GMT 2:00] ausgeführt von:: c:\users\K&S\Desktop\ComboFix.exe SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\emachines.ico c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPly.xpi c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdate.log c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\users\Michael\20120524_Musik MP3-PLayer Sebastian c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\2012 Remix.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Alex Clare - Too Close HDHQ Deutsche Übersetzung.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Aura Dione - Friends.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Avicii - Levels (Official Music Video) HQ.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Bück Dich Hoch.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Back in Time-Pitbull (Official Video).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Caligola Forgive Forget Lyrics.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Carly Rae Jepsen - Call me Maybe Lyrics.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Count on me - Bruno Mars.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Cro - Easy.mp3 c:\users\Michael\20120524_Musik MP3-PLayer 
Sebastian\coole musik\Culcha Candela - Von Allein [Official Lyrics].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Culcha Candela - Wildes Ding (Official Video).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Deichkind - Leider Geil (Official Video).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Die Toten Hosen - „Tage wie diese" [HQ Video].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\DJane HouseKat feat. Rameez - My Party (Official Video).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\FLORIDA RIGHT ROUND.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Jennifer Lopez feat. Pitbull - Dance Again [Official Lyrics Video HQHD].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Ma Chérie-Dj Antoine.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Martin Solveig & Dragonette - Hello (Sidney Samson Remix).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Mike Candys & Evelyn Feat. Patrick Miller - One Night In Ibiza.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Mike Candys feat. Evelyn & Patrick Miller - 2012 (If The World Would End).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Nicki Minaj - Starships [Official Lyrics Video HDHQ].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Olly Murs Feat. Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Pitbull Feat. Chris Brown - International Love.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Sean Paul - "She Doesnt Mind" [AUDIO].mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Skrillex - WEEKENDS!!! (feat. Sirah).mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Snoop Dogg & Wiz Khalifa Feat. 
Bruno Mars - Young Wild & Free (Final) ( 2011)OFFICIAL VIDEO.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Somebody That I Used To Know by GotyeHQ.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Taio Cruz feat. Pitbull - There she goes Lyrics.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Taio Cruz Troublemaker.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Techno remix 2012.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Train - Drive By.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Unheilig So wie du warst.mp3 c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Wild Ones - FloRida.mp3 c:\users\Sebastian\AppData\Roaming\AcroIEHelpe.txt c:\users\Sebastian\AppData\Roaming\srvblck5.tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-05 bis 2012-07-05 )))))))))))))))))))))))))))))) . . 2012-07-05 05:50 . 2012-07-05 05:50 -------- d-----w- c:\users\Sebastian\AppData\Local\temp 2012-07-05 05:50 . 2012-07-05 05:50 -------- d-----w- c:\users\Kristina\AppData\Local\temp 2012-07-05 05:50 . 2012-07-05 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-02 20:07 . 2012-07-02 20:07 -------- d-----w- c:\users\Sebastian\AppData\Local\VirtualStore 2012-07-02 19:40 . 2012-07-02 19:40 -------- d-----w- C:\_OTL 2012-06-28 16:53 . 2012-06-28 16:53 -------- d-----w- c:\program files (x86)\ESET 2012-06-28 16:17 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-28 16:17 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-28 16:17 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-28 16:17 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-28 16:17 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-28 16:17 . 
2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-28 16:17 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-28 16:16 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-28 16:16 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\users\K&S\AppData\Roaming\Malwarebytes 2012-06-21 17:52 . 2012-06-24 12:23 -------- d-----w- c:\programdata\Malwarebytes 2012-06-21 17:52 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-21 13:02 . 2012-06-21 13:02 -------- d-----w- c:\programdata\mcrpgfzsodfwmdp 2012-06-19 19:23 . 2012-06-19 19:23 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01048 2012-06-19 11:41 . 2012-06-19 11:41 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01047 2012-06-18 16:44 . 2012-06-18 16:44 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01046 2012-06-15 17:45 . 2012-06-15 17:45 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01044 2012-06-14 14:32 . 2012-06-14 14:32 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01043 2012-06-13 12:45 . 2012-06-13 12:45 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01042 2012-06-12 13:19 . 2012-06-12 13:19 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01041 2012-06-09 19:56 . 2012-06-09 19:56 -------- d-----w- c:\program files\CCleaner 2012-06-09 15:48 . 2012-06-09 15:48 -------- d-----w- c:\users\Sebastian\AppData\Roaming\01040 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-09 20:13 . 2012-03-31 19:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-09 20:13 . 2011-06-12 11:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-24 39408] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AutoLaunch"="c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-04-19 743584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] StarOffice 8.lnk - c:\program files (x86)\Sun\StarOffice 8\program\quickstart.exe [2005-6-21 122880] . 
c:\users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] StarOffice 8.lnk - c:\program files (x86)\Sun\StarOffice 8\program\quickstart.exe [2005-6-21 122880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2010-6-28 1032192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 135664] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-19 1181328] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2007-02-07 34048] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines 
Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 13:21] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 13:21] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002Core.job - c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 13:52] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002UA.job - c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 13:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056] "PLD_FrameworkRun"="c:\windows\system32\oem\_NowIntoDT.vbs" [2009-10-11 490] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.253 FF - ProfilePath - c:\users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - user.js: extensions.BabylonToolbar_i.id - 604962b5000000000000964ce51719e9 FF - user.js: extensions.BabylonToolbar_i.hardId - 604962b5000000000000964ce51719e9 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:41 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - 
user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst user_pref('extensions.dealply.partner', 'iron'); user_pref('extensions.dealply.channel', 'iron3'); user_pref('extensions.dealply.installId', 'v23600251325532670690742012050217414912'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '2'); . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe AddRemove-Emperors New Groove - c:\windows\IsUn0407.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe AddRemove-SABRINA - c:\windows\IsUn0407.exe AddRemove-Wincore MediaBar - c:\program files (x86)\BearShare Applications\MediaBar\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\SecuROM\License information*] "datasecu"=hex:f2,ca,1a,73,fe,5b,1e,78,84,1e,34,a1,2d,ce,8e,d1,e0,1b,6b,ed,75, 1a,e5,b5,f5,86,be,34,5a,2c,a7,c7,0f,60,42,fa,65,5a,43,f6,9f,76,ec,8c,73,7a,\ "rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-05 08:00:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-05 06:00 . Vor Suchlauf: 16 Verzeichnis(se), 159.489.683.456 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 159.784.861.696 Bytes frei . - - End Of File - - 7775D59835124E6D6E30CEA36356E69B

Regards,
Michael