| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer gesperrt - 100 Euro überweisenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.07.2012, 19:21
| #1 |
| |  Computer gesperrt - 100 Euro überweisen Hi, hab mir auch so einen Trojaner eingefangen, der den PC gesperrt hat. Mit Malewarebytes geht es wieder, wollte jetzt auch OLT ausführen, aber da stand, dass man nicht die Scripte von anderen nehmen soll. MfG und Danke im voraus Kriz Anbei der Maleware-Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.09 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 7.0.6002.18005 Jürgen :: JÜRGEN-PC [Administrator] 23.07.2012 18:24:08 mbam-log-2012-07-23 (18-24-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410985 Laufzeit: 1 Stunde(n), 4 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|recdisc (Trojan.Agent.3D) -> Daten: C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll (PUP.FunWebProducts) -> Keine Aktion durchgeführt. C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00OMB1YM\Everest%20Poker[1].exe (PUP.Casino) -> Keine Aktion durchgeführt. C:\Users\Jürgen\AppData\Local\Microsoft\Windows\2998\recdisc.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\TMP0000000FCF76AA0CEC833F71 (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 23.07.2012 20:44:44 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jürgen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free 2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32 Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.17 15:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2008.04.13 19:23:22 | 000,308,552 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuard.exe PRC - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.04.23 05:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Programme\maus\SetPoint\SetPoint.exe PRC - [2007.04.11 16:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2007.02.08 20:13:50 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\TV Enhance\TVEService.exe PRC - [2007.02.04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe PRC - [2006.12.07 02:33:56 | 000,820,736 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe PRC - [2006.12.01 14:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.23 16:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.08.23 17:55:12 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2011.06.14 01:52:21 | 000,329,272 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\ppgooglenaclpluginchrome.dll MOD - [2011.06.14 01:52:20 | 003,649,592 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\pdf.dll MOD - [2011.06.14 01:50:47 | 000,104,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avutil-50.dll MOD - [2011.06.14 01:50:45 | 000,203,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avformat-52.dll MOD - [2011.06.14 01:50:43 | 001,846,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\12.0.742.100\avcodec-52.dll MOD - [2007.05.22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.02.08 20:14:22 | 000,339,968 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLTinyDB.dll MOD - [2007.02.08 20:14:06 | 000,237,658 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapEngine.dll MOD - [2007.02.08 20:14:06 | 000,114,772 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLSchMgr.dll MOD - [2007.02.08 20:14:06 | 000,032,768 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\CLCapSvcps.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.23 20:12:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008.09.20 13:05:49 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan) SRV - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.03.20 12:24:58 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy) SRV - [2008.03.10 19:14:08 | 000,718,152 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.28 13:03:57 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc) SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2006.12.15 16:04:54 | 001,459,712 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2007.11.06 21:00:00 | 008,230,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.10.28 13:04:05 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.04.11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.04.11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.04.11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007.01.27 12:06:54 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys -- (Reconn) DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\xfilt.sys -- (xfilt) DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\videX32.sys -- (videX32) DRV - [2006.09.28 23:41:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SUNA_deDE235&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z600txG2ZrVf0P0waeNLih3vIeE?q={searchTerms} IE - HKCU\..\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2007.08.13 18:42:07 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: TelevisionFanatic Installer Plugin Stub (Enabled) = C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: DhcpNameServer = 217.68.161.141 217.68.161.171 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\norway post.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.23 20:11:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.07.23 19:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.23 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.07.23 18:22:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2012.07.23 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.23 18:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.23 18:17:34 | 005,249,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.21 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\hellomoto [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.23 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 20:42:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.23 20:14:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.23 20:11:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.07.23 19:57:08 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job [2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 19:31:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 19:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.23 19:31:44 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys [2012.07.23 18:17:34 | 005,249,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jürgen\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.17 14:52:00 | 000,007,728 | ---- | M] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat [2012.07.16 11:15:42 | 000,014,848 | ---- | M] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps [2012.07.16 11:15:42 | 000,005,026 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.07.13 09:20:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.13 09:20:21 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.13 09:20:21 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.13 09:20:21 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.12 11:28:23 | 000,395,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.12 11:24:42 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr [2012.07.07 22:51:09 | 006,761,472 | ---- | M] () -- C:\Users\Jürgen\Documents\Hannelore.wps [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.23 19:57:08 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.23 19:53:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 19:31:44 | 1072,160,768 | -HS- | C] () -- C:\hiberfil.sys [2012.07.16 11:15:42 | 000,014,848 | ---- | C] () -- C:\Users\Jürgen\Documents\Allianz-Rechtsschutzvers..wps [2012.07.12 11:20:00 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Hallennutzug Do.Sportsch..xlr [2012.07.07 22:51:08 | 006,761,472 | ---- | C] () -- C:\Users\Jürgen\Documents\Hannelore.wps [2009.12.12 22:19:18 | 000,000,234 | ---- | C] () -- C:\Users\Jürgen\Goya.ini [2007.11.18 15:37:42 | 000,292,069 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\mdb.bin [2007.10.02 15:45:47 | 000,852,480 | -HS- | C] () -- C:\Users\Jürgen\ehthumbs_vista.db [2007.05.08 17:49:46 | 009,794,421 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\UserTile.png [2007.04.17 19:35:40 | 000,000,034 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\Default.PLS [2007.04.01 11:39:35 | 000,007,728 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat [2007.03.25 22:15:43 | 000,054,272 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.25 16:24:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT [2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav [2007.03.25 16:19:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jürgen\AppData\Roaming\Drums [2007.03.25 16:19:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT [2007.03.25 16:19:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Equalizer [2007.03.25 14:35:45 | 000,005,026 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2009.07.12 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\BullGuard [2011.08.23 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Canon [2010.08.13 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\CD-LabelPrint [2012.07.21 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\hellomoto [2008.02.21 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX [2008.02.20 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\MAGIX-Fotobuch [2007.06.03 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\muvee Technologies [2007.03.25 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nikon [2007.12.05 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\ScanSoft [2010.03.14 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template [2007.03.25 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\TVcentral-Core [2007.03.25 15:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Ulead Systems [2012.07.22 05:34:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.23 19:36:48 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.07.2012 20:44:44 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1021,76 Mb Total Physical Memory | 378,10 Mb Available Physical Memory | 37,01% Memory free
2,26 Gb Paging File | 0,90 Gb Available in Paging File | 39,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 162,23 Gb Free Space | 59,71% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AB0C72-BA61-4ACC-8A05-E23381C67587}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{24DA8DA6-2CA6-43C5-8007-A77F2D01D229}" = lport=445 | protocol=6 | dir=in | app=system |
"{31222795-AFE2-46C2-BDC7-1ED19B577BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3495AA1D-0350-4212-8134-10CBEF44410D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{410204F3-A619-40B3-A9B7-1624168DE2F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{4174D69D-5CC3-4BB6-ABC5-5D6D7DA25D48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57C95527-FD1C-433F-BF88-7D622BE65253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71CDE941-97F3-4BA5-B560-62E4CA8BB128}" = lport=138 | protocol=17 | dir=in | app=system |
"{84B15899-52E2-4901-A406-AD7D8B22C52E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8BD35B35-8229-4DA9-8B94-A9B156CEE352}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EFEA8AF-865E-44A7-B3EF-208EB8380877}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8FB94EA2-78E9-4C14-B512-00601DD2F2DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95045D2D-4EB6-48E3-85EE-782AE1AE883E}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAA51D81-AEAA-4D0D-8F4E-C6AFCEC640F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB2E8AFB-8421-40FC-980A-771A432FA2D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D13D9073-39F1-4D24-B711-0A6208B48F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC8284CA-D7FA-4097-AC86-B4B384627601}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F9FFEA09-8CAB-493A-87FA-BEF6E6D9EDCD}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE46932-64F5-4239-8EB5-2548D18888D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe |
"{1433B4E2-E8F7-4FAB-89EF-010FE1FA6B77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe |
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe |
"{9DC8466E-A673-41F0-B2E5-551C1E2D89B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0117510-2CF3-4FF6-BA36-D964A291FBF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9341E55-7242-41F1-BEF2-C6A79D665A16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{11BC7474-4BF3-473F-BE38-3332B037E4D7}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{9BE8E041-97EB-42E0-BB17-3508C947BB7D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F4C67051-BF69-4317-BEBB-AFB0014AD6F6}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{BAF25AB1-DB0F-4905-8723-388284D00446}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C7ABAC27-1D72-490E-89EF-E743892E9479}C:\users\jürgen\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\jürgen\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{CA7320D2-D660-4B8B-A432-84C7BA5566C3}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{29CBFC23-05A7-4286-93B8-BABE29BC1031}" = Nero 7 Essentials
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D)
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"BullGuard" = BullGuard 7.0 for Vista
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex extraction audio
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla" = FileZilla (remove only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Skype_is1" = eBay.de - Skype 3.0
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:37:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:38:55 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:17 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:19 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:39:56 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:07 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.07.2012 13:40:13 | Computer Name = Jürgen-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 23.07.2012 12:13:30 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:13:39 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:13:42 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:07 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:26 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 23.07.2012 12:14:32 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.07.2012 12:34:38 | Computer Name = Jürgen-PC | Source = DCOM | ID = 10005
Description =
Error - 23.07.2012 13:35:45 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 23.07.2012 13:42:35 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
|
|
24.07.2012, 01:18
| #2 |
| /// Helfer-Team  | Computer gesperrt - 100 Euro überweisen Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SUNA_deDE235&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z600txG2ZrVf0P0waeNLih3vIeE?q={searchTerms}
IE - HKCU\..\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4 File not found
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Windows\KHALMNPR.Exe
C:\Users\Jürgen\AppData\Roaming\hellomoto
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
27.07.2012, 20:02
| #3 |
| | Computer gesperrt - 100 Euro überweisen fein =9 hat alles geklappt.
__________________Hier das Logfile Code:
ATTFilter All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{895274DE-34F9-49ED-A5C6-ACA573DA0397}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{895274DE-34F9-49ED-A5C6-ACA573DA0397}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8A86E9D-857A-4C32-ABC2-1F23F7785B1A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InstantOn deleted successfully.
C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut deleted successfully.
C:\Programme\Home Cinema\PowerDVD\Language\Language.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonSolutionMenu deleted successfully.
C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Kernel and Hardware Abstraction Layer deleted successfully.
C:\Windows\KHALMNPR.Exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\toolbar_eula_launcher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\KHALMNPR.Exe not found.
C:\Users\Jürgen\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job moved successfully.
File\Folder C:\Windows\Tasks\User_Feed_Synchronization-{E80C4D94-00B5-4D23-B7AC-1F8602163360}.job not found.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Jürgen\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jürgen
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 2178663578 bytes
->Java cache emptied: 40750651 bytes
->Google Chrome cache emptied: 64143546 bytes
->Flash cache emptied: 131669 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1235107977 bytes
RecycleBin emptied: 947 bytes
Total Files Cleaned = 3.356,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jürgen
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07272012_204018
Files\Folders moved on Reboot...
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\do_z[1].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\if_z[1].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\index[2].htm moved successfully.
File\Folder C:\Windows\temp\JETDCF2.tmp not found!
PendingFileRenameOperations files...
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\do_z[1].htm not found!
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\if_z[1].htm not found!
File C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8WB9YBX\index[2].htm not found!
File C:\Windows\temp\JETDCF2.tmp not found!
Registry entries deleted on Reboot...
|
|
28.07.2012, 14:03
| #4 |
| /// Helfer-Team | Computer gesperrt - 100 Euro überweisen Sehr gut!  1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
14.08.2012, 04:54
| #5 |
| /// Helfer-Team | Computer gesperrt - 100 Euro überweisen Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Computer gesperrt - 100 Euro überweisen |
| 2.0.7, administrator, anti-malware, appdata, autostart, canon, code, computer, dateien, ebay.de, euro, explorer, files, gelöscht, gen, gesperrt, heuristiks/extra, heuristiks/shuriken, install.exe, intranet, malwarebytes, microsoft, microsoft office word, plug-in, quarantäne, scripte, searchscopes, service, service pack 2, software, speicher, tmp, trojaner, version, vista |
Linear-Darstellung
