|
Log analysis and evaluation: Black screen, red text: Your Windows is blocked, pay and download (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
23.04.2012, 20:08 | #1 | |
| Hello, I have a problem: when I start my PC normally, a message appears saying that my Windows is blocked. I have already run a Quick Scan with OTL in safe mode; these are the .txt files I got. Here is the OTL.txt Quote:
|
23.04.2012, 20:11 | #2 |
| I could not post it as an attachment because it is too large. Here is the Extras.txt OTL EXTRAS logfile:
Code:
23.04.2012, 20:34 | #3 |
/// Malware-holic | Hi,
This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Pascal\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [Adobe Update] C:\Users\Pascal\AppData\Local\Temp\Adobeupdate.exe ()
O4 - HKCU..\Run: [{6C9AD89E-8202-2F4F-55EC-A37164C25639}] C:\Users\Pascal\AppData\Roaming\Woxei\guihic.exe ()

:Files
C:\Users\Pascal\AppData\Local\Skype
C:\Users\Pascal\AppData\Local\Temp\Adobeupdate.exe
C:\Users\Pascal\AppData\Roaming\Woxei
c:\Users\Pascal\AppData\LocalLow\Sun\Java\Deployment\cache

:Commands
[Reboot]

• Please close all programs now.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
23.04.2012, 20:53 | #4 |
| Everything worked great, thank you very much. |
24.04.2012, 13:21 | #5 | |
/// Malware-holic | Thanks for the upload. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
24.04.2012, 19:12 | #6 |
| How can I disable Avira completely? Can I also just run Combofix in safe mode? All antivirus programs should be disabled there, right? |
24.04.2012, 19:19 | #7 |
/// Malware-holic | Hi, just right-click Avira's umbrella icon, deactivate, then, if CF still complains, confirm the message.
__________________ |
24.04.2012, 19:57 | #8 |
| I don't quite understand. When the log file had been created, it opened, but then the error message you mentioned appeared when I tried to open my browser, so I restarted the PC, and now I can't find the log file. |
24.04.2012, 19:58 | #9 |
/// Malware-holic | It should be directly on C: as combofix or log.txt.
__________________ |
24.04.2012, 20:00 | #10 |
| Found it, here is the result: Combofix log file: Code:
ATTFilter ComboFix 12-04-24.02 - Pascal 24.04.2012 20:24:50.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.5975 [GMT 2:00] ausgeführt von:: c:\users\Pascal\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe c:\users\Pascal\AppData\Roaming\786A.exe c:\users\Pascal\AppData\Roaming\DF19.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-24 bis 2012-04-24 )))))))))))))))))))))))))))))) . . 2012-04-24 18:31 . 2012-04-24 18:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-04-24 18:31 . 2012-04-24 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-24 15:12 . 2012-04-24 15:12 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009 2012-04-23 19:39 . 2012-04-23 19:50 -------- d-----w- C:\_OTL 2012-04-23 19:18 . 
2012-04-23 19:18 -------- d-----w- c:\users\Pascal\AppData\Local\ElevatedDiagnostics 2012-04-23 18:29 . 2012-04-23 18:29 -------- d-----w- C:\found.001 2012-04-22 17:06 . 2012-04-22 17:06 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-22 16:34 . 2012-04-22 17:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-22 14:46 . 2012-04-22 14:46 -------- d-----w- c:\users\Pascal\AppData\Roaming\OpenOffice.org 2012-04-22 14:43 . 2012-04-22 14:43 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2012-04-22 14:23 . 2012-04-23 15:48 -------- d-----w- c:\users\Pascal\AppData\Roaming\Audacity 2012-04-22 14:23 . 2012-04-22 14:23 -------- d-----w- c:\program files (x86)\Audacity 2012-04-22 13:06 . 2012-04-22 13:21 -------- d-----w- c:\users\Pascal\AppData\Roaming\MAGIX 2012-04-22 13:05 . 2012-04-22 13:05 -------- d-----w- c:\program files (x86)\MAGIX 2012-04-22 13:05 . 2012-04-22 13:06 -------- d-----w- c:\programdata\MAGIX 2012-04-22 13:05 . 2012-04-22 13:05 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services 2012-04-13 22:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-13 22:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-13 22:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-13 22:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-13 22:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-13 22:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-13 22:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-13 22:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-13 22:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-13 22:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-03-25 20:09 . 2012-03-25 20:09 0 ----a-w- c:\windows\SysWow64\sho42B6.tmp . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-22 17:07 . 2011-09-12 17:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 16:37 . 2011-12-03 14:51 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-19 16:37 . 2011-12-03 14:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-04-19 16:37 . 2011-12-03 14:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-03-27 20:26 . 2011-09-12 17:51 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-17 15:23 . 2012-03-17 15:23 0 ----a-w- c:\windows\SysWow64\sho3FB0.tmp 2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-22 15:59 . 2011-12-03 14:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-02-17 06:38 . 2012-03-13 20:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 20:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 20:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 20:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 18:27 . 2011-12-21 21:20 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-12 03:31 . 2012-02-12 03:31 0 ----a-w- c:\windows\SysWow64\sho45DB.tmp 2012-02-10 06:36 . 2012-03-13 21:00 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-13 21:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-08 07:13 . 2012-03-20 15:59 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2642EDB8-41AD-4DF5-B96F-58F7AF4F163B}\mpengine.dll 2012-02-03 04:34 . 2012-03-13 21:00 3145728 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DCA971EE-CB86-4592-AE52-A45B2E257A12}] 2011-11-03 14:25 269824 ----a-w- c:\users\Pascal\AppData\LocalLow\AdobeAir\IE\AdobeAir.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-08-24 17:21 1299248 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-11 641400] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-11-11 5960560] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-15 1242448] "Facebook Update"="c:\users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-22 137536] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-01 39408] "Akamai NetSession Interface"="c:\users\Pascal\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] "HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . 
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 136176] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 X6va007;X6va007;c:\users\Pascal\AppData\Local\Temp\007A9A7.tmp [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] 
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20111220.001\IDSvia64.sys [2011-10-21 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeAirUpdater;AdobeAir Updater;c:\users\Pascal\AppData\LocalLow\AdobeAir\IE\AdobeAirUpdater.exe [2011-11-03 18432] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client 
Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-21 138360] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 17:07] . 2012-04-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1405482524-3408140575-691551603-1000Core.job - c:\users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 17:22] . 2012-04-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1405482524-3408140575-691551603-1000UA.job - c:\users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 17:22] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 14:53] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 14:53] . 2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1405482524-3408140575-691551603-1000Core.job - c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 18:09] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1405482524-3408140575-691551603-1000UA.job - c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 18:09] . 
2012-04-23 c:\windows\Tasks\HPCeeScheduleForPascal.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] "HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://home.sweetim.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Free YouTube to MP3 Converter - c:\users\Pascal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html TCP: DhcpNameServer = 192.168.2.254 0.0.0.0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKCU-Run-RDReminder - (no file) Wow6432Node-HKCU-Run-Xxhkhh - c:\users\Pascal\AppData\Roaming\Xxhkhh.exe Wow6432Node-HKCU-Run-Vyhkhf - c:\users\Pascal\AppData\Roaming\Vyhkhf.exe Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) AddRemove-CamStudio - c:\program files (x86)\CamStudio\uninstall.exe AddRemove-Dll-Files.com Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe AddRemove-{80304C76-723D-4472-B0E8-4094624566A3}_is1 - c:\program files (x86)\Counter-Strike Source\unins000.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\program files (x86)\EA Games\Battlefield Play4Free\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007] "ImagePath"="\??\c:\users\Pascal\AppData\Local\Temp\007A9A7.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0b\06\0c\08!0?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-04-24 20:41:06 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-04-24 18:41 . Vor Suchlauf: 16 Verzeichnis(se), 1.693.963.288.576 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 1.695.784.980.480 Bytes frei . - - End Of File - - 60CEDA832307895B64C0110E708B78E0 |
24.04.2012, 20:09 | #11 |
/// Malware-holic | Malwarebytes: Please download Malwarebytes