
Pests of all kinds and how to combat them: Computer locked - transfer 100 euros


23.07.2012, 19:21   #1
kriz
 
Computer locked - transfer 100 euros



Hi,

I've also caught one of these Trojans that locked the PC.
With Malwarebytes it works again. I also wanted to run OTL now, but it said that you shouldn't use other people's scripts.

Regards and thanks in advance, Kriz

Attached is the Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Jürgen :: JÜRGEN-PC [Administrator]

23.07.2012 18:24:08
mbam-log-2012-07-23 (18-24-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410985
Laufzeit: 1 Stunde(n), 4 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|recdisc (Trojan.Agent.3D) -> Daten: C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll (PUP.FunWebProducts) -> Keine Aktion durchgeführt.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00OMB1YM\Everest%20Poker[1].exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\TMP0000000FCF76AA0CEC833F71 (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Also attached is the OTL log
Code:
OTL logfile created on: 23.07.2012 20:44:44 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free
2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
 
Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe
PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 15:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.04.13 19:23:22 | 000,308,552 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuard.exe
PRC - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.23 05:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Programme\maus\SetPoint\SetPoint.exe
PRC - [2007.04.11 16:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.02.08 20:13:50 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\TV Enhance\TVEService.exe
PRC - [2007.02.04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2006.12.07 02:33:56 | 000,820,736 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
PRC - [2006.12.01 14:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.23 16:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.23 17:55:12 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2011.06.14 01:52:21 | 000,329,272 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\ppgooglenaclpluginchrome.dll
MOD - [2011.06.14 01:52:20 | 003,649,592 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\pdf.dll
MOD - [2011.06.14 01:50:47 | 000,104,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avutil-50.dll
MOD - [2011.06.14 01:50:45 | 000,203,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avformat-52.dll
MOD - [2011.06.14 01:50:43 | 001,846,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avcodec-52.dll
MOD - [2007.05.22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.02.08 20:14:22 | 000,339,968 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.02.08 20:14:06 | 000,237,658 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.02.08 20:14:06 | 000,114,772 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.02.08 20:14:06 | 000,032,768 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.23 20:12:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008.09.20 13:05:49 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.20 12:24:58 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.28 13:03:57 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2007.11.06 21:00:00 | 008,230,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.28 13:04:05 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.04.11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.04.11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.01.27 12:06:54 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys -- (Reconn)
DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32)
DRV - [2006.09.28 23:41:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SUNA_deDE235&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z600txG2ZrVf0P0waeNLih3vIeE?q={searchTerms}
IE - HKCU\..\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2007.08.13 18:42:07 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: TelevisionFanatic Installer Plugin Stub (Enabled) = C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: DhcpNameServer = 217.68.161.141 217.68.161.171
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.23 20:11:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe
[2012.07.23 19:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.23 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes
[2012.07.23 18:22:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 18:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 18:17:34 | 005,249,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe
[2012.07.21 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\hellomoto
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.23 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 20:42:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.23 20:14:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe
[2012.07.23 19:57:08 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
[2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 19:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.23 19:31:44 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.23 18:17:34 | 005,249,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe
[2012.07.17 14:52:00 | 000,007,728 | ---- | M] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat
[2012.07.16 11:15:42 | 000,014,848 | ---- | M] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps
[2012.07.16 11:15:42 | 000,005,026 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat
[2012.07.13 09:20:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.13 09:20:21 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.13 09:20:21 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.13 09:20:21 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 11:28:23 | 000,395,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 11:24:42 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr
[2012.07.07 22:51:09 | 006,761,472 | ---- | M] () -- C:\Users\Jürgen\Documents\Hannelore.wps
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.23 19:57:08 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.23 19:53:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.23 19:31:44 | 1072,160,768 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.16 11:15:42 | 000,014,848 | ---- | C] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps
[2012.07.12 11:20:00 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr
[2012.07.07 22:51:08 | 006,761,472 | ---- | C] () -- C:\Users\Jürgen\Documents\Hannelore.wps
[2009.12.12 22:19:18 | 000,000,234 | ---- | C] () -- C:\Users\Jürgen\Goya.ini
[2007.11.18 15:37:42 | 000,292,069 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\mdb.bin
[2007.10.02 15:45:47 | 000,852,480 | -HS- | C] () -- C:\Users\Jürgen\ehthumbs_vista.db
[2007.05.08 17:49:46 | 009,794,421 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\UserTile.png
[2007.04.17 19:35:40 | 000,000,034 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\Default.PLS
[2007.04.01 11:39:35 | 000,007,728 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat
[2007.03.25 22:15:43 | 000,054,272 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.25 16:24:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav
[2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jürgen\AppData\Roaming\Drums
[2007.03.25 16:19:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2007.03.25 16:19:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Equalizer
[2007.03.25 14:35:45 | 000,005,026 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2009.07.12 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\BullGuard
[2011.08.23 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Canon
[2010.08.13 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\CD-LabelPrint
[2012.07.21 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\hellomoto
[2008.02.21 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX
[2008.02.20 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX-Fotobuch
[2007.06.03 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\muvee Technologies
[2007.03.25 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nikon
[2007.12.05 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\ScanSoft
[2010.03.14 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template
[2007.03.25 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\TVcentral-Core
[2007.03.25 15:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Ulead Systems
[2012.07.22 05:34:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
 
========== Purity Check ==========
 
 

< End of report >
         
and the Extra.txt
Code:
OTL Extras logfile created on: 23.07.2012 20:44:44 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free
2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
 
Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AB0C72-BA61-4ACC-8A05-E23381C67587}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{24DA8DA6-2CA6-43C5-8007-A77F2D01D229}" = lport=445 | protocol=6 | dir=in | app=system | 
"{31222795-AFE2-46C2-BDC7-1ED19B577BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3495AA1D-0350-4212-8134-10CBEF44410D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{410204F3-A619-40B3-A9B7-1624168DE2F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4174D69D-5CC3-4BB6-ABC5-5D6D7DA25D48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57C95527-FD1C-433F-BF88-7D622BE65253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71CDE941-97F3-4BA5-B560-62E4CA8BB128}" = lport=138 | protocol=17 | dir=in | app=system | 
"{84B15899-52E2-4901-A406-AD7D8B22C52E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8BD35B35-8229-4DA9-8B94-A9B156CEE352}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8EFEA8AF-865E-44A7-B3EF-208EB8380877}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8FB94EA2-78E9-4C14-B512-00601DD2F2DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95045D2D-4EB6-48E3-85EE-782AE1AE883E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AAA51D81-AEAA-4D0D-8F4E-C6AFCEC640F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AB2E8AFB-8421-40FC-980A-771A432FA2D5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D13D9073-39F1-4D24-B711-0A6208B48F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC8284CA-D7FA-4097-AC86-B4B384627601}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F9FFEA09-8CAB-493A-87FA-BEF6E6D9EDCD}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE46932-64F5-4239-8EB5-2548D18888D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{1433B4E2-E8F7-4FAB-89EF-010FE1FA6B77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{9DC8466E-A673-41F0-B2E5-551C1E2D89B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0117510-2CF3-4FF6-BA36-D964A291FBF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D9341E55-7242-41F1-BEF2-C6A79D665A16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{11BC7474-4BF3-473F-BE38-3332B037E4D7}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{9BE8E041-97EB-42E0-BB17-3508C947BB7D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F4C67051-BF69-4317-BEBB-AFB0014AD6F6}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{BAF25AB1-DB0F-4905-8723-388284D00446}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C7ABAC27-1D72-490E-89EF-E743892E9479}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{CA7320D2-D660-4B8B-A432-84C7BA5566C3}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{29CBFC23-05A7-4286-93B8-BABE29BC1031}" = Nero 7 Essentials
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D)
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"BullGuard" = BullGuard 7.0 for Vista
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex extraction audio
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla" = FileZilla (remove only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Skype_is1" = eBay.de - Skype 3.0
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:38:55 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:39:17 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:39:19 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:39:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 23.07.2012 12:13:30 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 12:13:39 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 12:13:42 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 12:14:07 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 12:14:26 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.07.2012 12:34:38 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.07.2012 13:35:45 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.07.2012 13:42:35 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         

24.07.2012, 01:18   #2
t'john
/// Helper team





Fixing with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SUNA_deDE235&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z600txG2ZrVf0P0waeNLih3vIeE?q={searchTerms} 
IE - HKCU\..\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\..\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll 
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe () 
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () 
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found 
O32 - HKLM CDRom: AutoRun - 1 

:Files
C:\Windows\KHALMNPR.Exe
C:\Users\Jürgen\AppData\Roaming\hellomoto
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can do lasting damage to other systems!

27.07.2012, 20:02   #3
kriz



Nice =) everything worked.

Here is the log file
Code:
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{895274DE-34F9-49ED-A5C6-ACA573DA0397}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InstantOn deleted successfully.
C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut deleted successfully.
C:\Programme\Home Cinema\PowerDVD\Language\Language.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonSolutionMenu deleted successfully.
C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Kernel and Hardware Abstraction Layer deleted successfully.
C:\Windows\KHALMNPR.Exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\toolbar_eula_launcher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\KHALMNPR.Exe not found.
C:\Users\Jürgen\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job moved successfully.
File\Folder C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job not found.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Jürgen\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jürgen
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 2178663578 bytes
->Java cache emptied: 40750651 bytes
->Google Chrome cache emptied: 64143546 bytes
->Flash cache emptied: 131669 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1235107977 bytes
RecycleBin emptied: 947 bytes
 
Total Files Cleaned = 3.356,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Jürgen
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07272012_204018

Files\Folders moved on Reboot...
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\do_z[1].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\if_z[1].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\index[2].htm moved successfully.
File\Folder C:\Windows\temp\JETDCF2.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\do_z[1].htm not found!
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\if_z[1].htm not found!
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\index[2].htm not found!
File C:\Windows\temp\JETDCF2.tmp not found!

Registry entries deleted on Reboot...
         
28.07.2012, 14:03   #4
t'john
/// Helper team



Very good!



Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

14.08.2012, 04:54   #5
t'john
/// Helper Team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.

__________________
Regards, t'john
