Log Analysis and Evaluation: BKA Trojan demanding payment of 100 EUR (Windows 7)
#1
BKA Trojan demanding payment of 100 EUR

Hello, now it has apparently got me too, despite Avira, Spybot and a firewall. All that appears any more is the screen from the supposed BKA with the demand for payment, because supposedly terrorist or illegal pornographic files were found. All nonsense, of course!! The computer no longer responds to any input and only Safe Mode works. Files from DDS attached. I would be glad of any help! Thanks! Below is dds.txt (attach.txt attached as requested).

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29
Run by BigRon at 16:08:14 on 2012-03-31
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1033.18.4094.3388 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: SearchRequire.SearchRequire.SearchRequire: {8a194578-81ea-4850-9911-13ba2d71efbd} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SkypePM] C:\Users\BigRon\AppData\Local\Skype\SkypePM.exe
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\BigRon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CGS8H0~1.LNK - C:\Windows\System32\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PRINTKEY2000.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\BigRon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF269~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{53E4C0AA-C371-4F79-A537-E57370E1734F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{6F932D83-3712-40D4-9DD8-3DC3118D6E94} : NameServer = 172.16.2.2,172.16.20.53
TCP: Interfaces\{6F932D83-3712-40D4-9DD8-3DC3118D6E94} : DhcpNameServer = 172.16.2.2 172.16.20.53
TCP: Interfaces\{938F7E6A-D5BC-495A-B577-5FC4CB1F8852} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{9851591F-66F8-4C1E-8B03-393C3FFE68F9} : DhcpNameServer = 62.117.1.25 89.16.129.25
TCP: Interfaces\{A68C8C6E-2DBD-4E66-8091-3D889F11BFBD} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{CCFCEE76-2E53-4AA1-9811-FE403160AAB9} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{E168AF71-AA3A-4674-B6A0-2A787B88DC4E} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{F50D915A-4DB6-4F9F-BFE6-E282B03F250B} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{F7B5904D-0282-48DC-9FD2-D7194E4096C6} : DhcpNameServer = 192.168.178.1
AppInit_DLLs:
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{8a194578-81ea-4850-9911-13ba2d71efbd}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
AppInit_DLLs-X64:
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BigRon\AppData\Roaming\Mozilla\Firefox\Profiles\arvhe2j4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\np-mswmp.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npdeployJava1.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npdivx32.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npnul32.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\NPOFF12.DLL
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\nppdf32.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv522.dll
FF - plugin: C:\Users\BigRon\AppData\Roaming\Mozilla\Firefox\Profiles\arvhe2j4.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\BigRon\AppData\Roaming\Mozilla\Firefox\Profiles\arvhe2j4.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-1 86224]
S2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-1 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9892ddb159075;Google Update Service (gupdate1c9892ddb159075);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-7 133104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-24 1153368]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
S3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys --> C:\Windows\system32\DRIVERS\avmunet.sys [?]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-7 133104]
S3 HRService;Haufe iDesk-Service in C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope;C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe [2010-10-25 71024]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-12 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-29 15:02:32 85664 ----a-w- C:\Users\BigRon\0.24628373365824308.exe
2012-03-18 10:37:49 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 10:37:49 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 10:35:23 -------- d-----w- C:\Users\BigRon\AppData\Roaming\Buhl Data Service
2012-03-18 10:35:21 -------- d-----w- C:\Users\BigRon\AppData\Local\Buhl Data Service
2012-03-18 10:34:56 -------- d-----w- C:\Users\BigRon\AppData\Local\Buhl
2012-03-11 12:46:39 -------- d-----w- C:\Program Files (x86)\USM
2012-03-11 12:43:15 -------- d-----w- C:\Program Files (x86)\Steuer 2011
2012-03-11 12:42:38 -------- d-----w- C:\ProgramData\Buhl Data Service GmbH
.
==================== Find3M ====================
.
2012-03-15 14:53:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 14:32:14 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-01 14:32:14 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
.
============= FINISH: 16:09:21,08 ===============