| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Polizei (Österreich) Control Department "Ihr Computer ist gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
29.01.2013, 17:10
| #1 |
| |  Polizei (Österreich) Control Department "Ihr Computer ist gesperrt bekomme folgende Fehlermeldung wenn ich combofix starten möchte Die Version dieser Datei ist nicht mit der ausgeführten Windows Version kompatible...... |
|
29.01.2013, 19:01
| #2 |
| | Polizei (Österreich) Control Department "Ihr Computer ist gesperrt Sorry habe Combofix vor den Updates gemacht
__________________als combofix ausgeführd wurde kam Windows meldung (PEV.exe funktioniert nicht mehr) habe combofix weiterlaufen lassen und hir die combofix.txt Combofix Logfile: Code:
ATTFilter ComboFix 12-11-08.01 - Muvi 29.01.2013 18:39:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.4055.2367 [GMT 1:00]
ausgeführt von:: c:\users\Muvi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\jQBjASj.pad
c:\programdata\nud0repor.pad
c:\users\Muvi\0.5713385894937175.exe
c:\users\Muvi\AppData\Local\Temp\roper0dun.exe
c:\users\Muvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\SysWow64\DEBUG.log
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-29 ))))))))))))))))))))))))))))))
.
.
2013-01-29 17:47 . 2013-01-29 17:47 -------- d-----w- c:\users\Muvi\AppData\Local\temp
2013-01-29 17:47 . 2013-01-29 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-29 16:46 . 2013-01-29 16:46 -------- d-----w- c:\users\Muvi\AppData\Local\Mozilla
2013-01-29 16:46 . 2013-01-29 16:46 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-29 16:36 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BF3A653-FB4B-4D10-BF2D-1E7DAA7228CB}\mpengine.dll
2013-01-29 16:36 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2013-01-29 14:55 . 2013-01-29 14:55 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 14:55 . 2013-01-29 14:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:55 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 01:31 . 2013-01-29 01:31 -------- d-----w- C:\_OTL
2013-01-25 21:46 . 2013-01-25 21:46 -------- d-----w- C:\found.000
2012-12-31 17:03 . 2012-09-14 13:32 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-31 17:03 . 2012-09-14 13:32 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-12-31 17:03 . 2012-09-14 13:32 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-12-31 17:03 . 2012-12-31 17:03 -------- d-----w- c:\users\Muvi\AppData\Roaming\TuneUp Software
2012-12-31 17:03 . 2012-12-31 17:03 -------- d-----w- c:\users\Muvi\AppData\Local\CRE
2012-12-31 17:03 . 2012-12-31 17:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013
2012-12-31 17:03 . 2012-12-31 17:03 -------- d-----w- c:\programdata\TuneUp Software
2012-12-31 17:03 . 2012-12-31 17:03 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-31 17:03 . 2012-12-31 17:03 -------- d--h--w- c:\programdata\Common Files
2012-12-31 17:02 . 2013-01-29 17:37 -------- d-----w- c:\users\AppData
2012-12-31 17:02 . 2012-12-31 17:02 -------- d-----w- c:\program files (x86)\Conduit
2012-12-31 17:02 . 2012-12-31 17:02 -------- d-----w- c:\users\Muvi\AppData\Local\Conduit
2012-12-31 16:59 . 2012-12-31 16:59 -------- d-----w- c:\users\Muvi\AppData\Roaming\DVDVideoSoft
2012-12-31 16:59 . 2012-12-31 16:59 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-31 16:59 . 2012-12-31 16:59 -------- d-----w- c:\users\Muvi\AppData\Roaming\OpenCandy
2012-12-31 16:59 . 2012-12-31 16:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]
"OnlineFestplatte"="c:\program files (x86)\aon\Onlinefestplatte\OnlineFestplatte.exe" [2008-01-25 253976]
"Facebook Update"="c:\users\Muvi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-06 138096]
"GoogleChromeAutoLaunch_2A1CC6DADFC64963A4A78FFFED6EB9A5"="c:\users\Muvi\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-18 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-10 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Muvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Facebook Messenger.lnk - c:\users\Muvi\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-18 1066536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe,c:\progra~3\jQBjASj.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-31 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1986120185-4001335992-4024508805-1000Core.job
- c:\users\Muvi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-04 15:30]
.
2013-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1986120185-4001335992-4024508805-1000UA.job
- c:\users\Muvi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-04 15:30]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 15:42]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 15:42]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986120185-4001335992-4024508805-1000Core.job
- c:\users\Muvi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 19:25]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986120185-4001335992-4024508805-1000UA.job
- c:\users\Muvi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 19:25]
.
2013-01-28 c:\windows\Tasks\User_Feed_Synchronization-{4930C2E8-A5D5-4884-8477-872A9F3F948C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Muvi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Muvi\AppData\Roaming\Mozilla\Firefox\Profiles\463l34sb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1986120185-4001335992-4024508805-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^**%$%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1986120185-4001335992-4024508805-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^**%$%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1986120185-4001335992-4024508805-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%$%¸*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1986120185-4001335992-4024508805-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%$%¸*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1986120185-4001335992-4024508805-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*^**%$%]
"0"=hex:0b,00,62,00,c6,00,b5,00,e4,00,12,00,65,00,63,25,2e,00,5e,00,00,25,24,
25,00,00,72,00,36,00,00,00,00,00,00,00,00,00,00,00,62,00,c6,00,b5,00,e4,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-01-29 18:50:03
ComboFix-quarantined-files.txt 2013-01-29 17:50
.
Vor Suchlauf: 12 Verzeichnis(se), 410.469.068.800 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 410.788.294.656 Bytes frei
.
- - End Of File - - 7B7249939C9995C1FBDEC8485EF0BF90
So habe nun alle Updates gemacht und servicepack 2 instaliert Soll ich Combofix erneut ausführen? Geändert von pauuu (29.01.2013 um 19:19 Uhr) |
|
| Themen zu Polizei (Österreich) Control Department "Ihr Computer ist gesperrt |
| compu, computer, control, department, folge, folgendes, gesperrt, ihr computer ist gesperrt, otl.txt, otlpe, polizei, problem, scan, windows, Österreich |
Hybrid-Darstellung
