| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ransomware entfernen, Der Computer ist für die Verletzung...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.08.2012, 01:14
| #1 |
| |  Ransomware entfernen, Der Computer ist für die Verletzung... Hallo! ich habe mir den Trojaner eingefangen mit dem Titel: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert." Ich habe Malwarebytes runtergeladen und durchlaufen lassen, ohne Ergebnis. Die Datenbank war seit 33 Tagen veraltet (im abgesicherten Modus funktioniert das Internet nicht). Ich habe auch versucht über msconfig den Trojaner in der Autostartliste ausfindig zu machen und zu deaktivieren. Hat nichts gebracht. Jetzt weiß ich nicht mehr weiter. Ich hoffe, ich habe mit den txt-dateien alles richtig gemacht. Bitte helft mir! [QUOTE=OTL.txt]OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2012 00:43:18 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,96 Gb Available Physical Memory | 84,57% Memory free 5,34 Gb Paging File | 5,01 Gb Available in Paging File | 93,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97,66 Gb Total Space | 45,25 Gb Free Space | 46,33% Space Free | Partition Type: NTFS Drive E: | 600,98 Gb Total Space | 134,47 Gb Free Space | 22,38% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 4,92 Gb Free Space | 66,03% Space Free | Partition Type: FAT32 Computer Name: MARCUS | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.06 00:34:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\OTL.exe PRC - [2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.26 21:47:33 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.01.31 12:33:24 | 000,032,768 | ---- | M] () -- C:\Programme\Vtune\TBPanelExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.03 00:13:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.11 10:08:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 18:23:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.02.11 17:54:16 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.02.11 17:54:15 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.06.01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.11 10:08:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.11 10:08:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.08.31 11:28:56 | 000,147,040 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.12.04 03:00:00 | 000,273,760 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0640Vid.sys -- (V0640Vid) DRV - [2009.09.03 07:13:24 | 000,160,256 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0640Afx.sys -- (V0640Afx) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.08 12:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.18 12:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008.02.14 15:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt) DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2003.09.08 17:06:00 | 000,255,360 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.18 20:04:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.18 20:04:05 | 000,000,000 | ---D | M] [2012.06.08 20:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.04 19:16:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.19 10:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.06.08 20:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.05.17 23:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.02.15 21:09:39 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 21:09:40 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 21:09:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 21:09:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 21:09:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Live! Central 3] C:\Programme\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [sppcomapi] C:\Dokumente und Einstellungen\Sebatian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\2977\sppcomapi.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\D-Link AirPlus.lnk = C:\Programme\D-Link AirPlus\AIRPLUS.EXE (D-Link) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C597B413-E66D-46DC-931C-7910474043E5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.06 17:40:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 00:43:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\OTL.exe [2012.08.06 00:14:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.08.06 00:14:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten\Adobe [2012.08.05 23:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.08.05 23:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten\TuneUp Software [2012.08.05 23:09:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Eigene Dateien [2012.08.05 22:58:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten\Malwarebytes [2012.08.05 22:58:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten\Microsoft [2012.08.05 22:58:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Cookies [2012.08.05 22:58:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\SendTo [2012.08.05 22:58:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten [2012.08.05 22:58:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Startmenü\Programme\Zubehör [2012.08.05 22:58:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Startmenü [2012.08.05 22:58:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Startmenü\Programme\Autostart [2012.08.05 22:58:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Vorlagen [2012.08.05 22:58:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Recent [2012.08.05 22:58:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Netzwerkumgebung [2012.08.05 22:58:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Lokale Einstellungen [2012.08.05 22:58:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Druckumgebung [2012.08.05 22:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Lokale Einstellungen\Anwendungsdaten\Microsoft [2012.08.05 22:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Favoriten [2012.08.05 22:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop [2012.08.05 13:40:53 | 000,000,000 | ---D | C] -- C:\Programme\FrostWire 5 [2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2012.07.24 22:25:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.16 22:33:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe [2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.06 00:41:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\defogger_reenable [2012.08.06 00:34:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\OTL.exe [2012.08.06 00:32:20 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\Defogger.exe [2012.08.06 00:28:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.06 00:15:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.06 00:10:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.06 00:08:13 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 00:06:43 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.08.06 00:06:21 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012.08.06 00:06:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.06 00:05:19 | 000,000,321 | RHS- | M] () -- C:\boot.ini [2012.08.05 22:20:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.08.05 22:13:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.18 13:30:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.06 00:42:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\Defogger.exe [2012.08.06 00:41:42 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\defogger_reenable [2012.08.05 22:58:10 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Startmenü\Programme\Remoteunterstützung.lnk [2012.08.05 22:58:10 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Startmenü\Programme\Windows Media Player.lnk [2012.08.02 00:31:05 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.24 10:17:27 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2011.10.11 14:46:10 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2011.07.02 16:17:20 | 000,001,204 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.07.02 16:10:15 | 000,000,291 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2011.03.05 00:10:38 | 000,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2011.01.01 20:29:48 | 000,016,797 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010.11.20 14:45:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2010.11.20 14:45:20 | 000,010,956 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Jardinains!.dat [2010.10.15 19:45:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.08.20 16:30:46 | 142,534,369 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2009.08.20 16:29:58 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi [2009.08.19 10:07:26 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini [2009.03.26 12:36:32 | 000,451,928 | ---- | C] () -- C:\Programme\setup.exe ========== LOP Check ========== [2012.08.05 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.MARCUS\Anwendungsdaten\TuneUp Software [2011.07.23 18:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games [2012.03.19 14:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2010.01.15 21:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MakeMusic [2012.04.29 21:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2010.01.09 01:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2010.03.14 18:08:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickMediaConverter [2010.02.11 17:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.08.06 00:06:43 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== < End of report > [QUOTE=Extra.txt]OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.08.2012 00:43:18 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,96 Gb Available Physical Memory | 84,57% Memory free
5,34 Gb Paging File | 5,01 Gb Available in Paging File | 93,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,66 Gb Total Space | 45,25 Gb Free Space | 46,33% Space Free | Partition Type: NTFS
Drive E: | 600,98 Gb Total Space | 134,47 Gb Free Space | 22,38% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 4,92 Gb Free Space | 66,03% Space Free | Partition Type: FAT32
Computer Name: MARCUS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7000:TCP" = 7000:TCP:*:Enabled:TCP-Port für Windows-EasyTransfer
"7000:UDP" = 7000:UDP:*:Enabled:UDP-Port für Windows-EasyTransfer
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\QIP Infium\infium.exe" = C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Windows Easy Transfer 7\migwiz.exe" = C:\Programme\Windows Easy Transfer 7\migwiz.exe:*:Enabled:Windows-EasyTransfer -- (Microsoft Corporation)
"C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- ()
"C:\Programme\Ballerburg\Ballerburg.exe" = C:\Programme\Ballerburg\Ballerburg.exe:*:Enabled:Odin -- ()
"C:\Programme\BlobbyVolley\volley.exe" = C:\Programme\BlobbyVolley\volley.exe:*:Disabled:volley -- ()
"C:\Programme\GOG.com\Heroes of Might and Magic 2 GOLD\DOSBOX\dosbox.exe" = C:\Programme\GOG.com\Heroes of Might and Magic 2 GOLD\DOSBOX\dosbox.exe:*:Enabled:DOSBox DOS Emulator -- (DOSBox Team)
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Programme\StealthNet\StealthNet.exe" = C:\Programme\StealthNet\StealthNet.exe:*:Enabled:StealthNet -- (The StealthNet Team)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Programme\FrostWire 5\FrostWire.exe" = C:\Programme\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials
"{69C92B42-DFED-4304-8AA2-C90783D706FD}" = Skat 8.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{E2729A36-33EB-4094-9759-2C7A666DE296}" = Etherlords
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Ballerburg_is1" = Ballerburg
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Creative Live! Central 2" = Creative Live! Central 3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0640" = Creative Live! Cam Socialize (VF0640) (1.00.04.00)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Finale 2011" = Finale 2011
"foobar2000" = foobar2000 v1.1.13
"Foxit Reader" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"FreeSweetGames" = FreeSweetGames (total removal)
"FrostWire 5" = FrostWire 5.3.8
"GNU Solfege_is1" = GNU Solfege 3.8.1
"Heroes of Might and Magic 2 GOLD_is1" = Heroes of Might and Magic 2 GOLD
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"Jardinains!" = Jardinains!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MD Adressbuch 2009_is1" = MD Adressbuch 2009
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.01.1532" = Opera 12.01
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ST6UNST #1" = Hero Editor V0.96
"SysInfo" = Creative Systeminformationen
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"Vtune_is1" = Vtune 7.6
"WET7Cable" = Windows-EasyTransfer
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
"Worminator 3" = Worminator 3 (remove only)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.05.2012 04:12:51 | Computer Name = MARCUS | Source = Microsoft IntelliPoint | ID = 1000
Description =
Error - 01.08.2012 19:15:16 | Computer Name = MARCUS | Source = JavaQuickStarterService | ID = 1
Description =
Error - 05.08.2012 07:08:10 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0015ecbc.
Error - 05.08.2012 08:53:30 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0015ecbc.
Error - 05.08.2012 08:54:00 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0015ecbc.
Error - 05.08.2012 08:55:09 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0015ecbc.
Error - 05.08.2012 09:59:52 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0062b4bd.
Error - 05.08.2012 10:29:27 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0062b4bd.
Error - 05.08.2012 15:47:07 | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung h5_game.exe, Version 1.60.0.51, fehlgeschlagenes
Modul h5_game.exe, Version 1.60.0.51, Fehleradresse 0x0062b4bd.
Error - 05.08.2012 17:01:33 | Computer Name = MARCUS | Source = ESENT | ID = 482
Description = HelpSvc (1124) Versuch, in Datei "C:\WINDOWS\PCHealth\HelpCtr\Database\HCdata.edb"
bei Offset 20480 (0x0000000000005000) für 4096 (0x00001000) Bytes zu schreiben,
ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler
-1032 (0xfffffbf8) bei Schreiboperation. Wenn dieser Zustand andauert, ist die
Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt
werden.
[ System Events ]
Error - 05.08.2012 18:10:58 | Computer Name = MARCUS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 05.08.2012 18:12:19 | Computer Name = MARCUS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 05.08.2012 18:12:19 | Computer Name = MARCUS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 05.08.2012 18:12:19 | Computer Name = MARCUS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
gestartet wurde: %%31
Error - 05.08.2012 18:12:19 | Computer Name = MARCUS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 05.08.2012 18:12:19 | Computer Name = MARCUS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdPPM avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Error - 05.08.2012 18:14:48 | Computer Name = MARCUS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 05.08.2012 18:15:12 | Computer Name = MARCUS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 05.08.2012 18:41:21 | Computer Name = MARCUS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 05.08.2012 18:41:24 | Computer Name = MARCUS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
[ TuneUp Events ]
Error - 11.05.2012 10:37:44 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-11 16:37:44', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','3764',0)
Error - 11.05.2012 10:38:19 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-11 16:38:19', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','2088',0)
Error - 20.05.2012 08:25:56 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-20 14:25:56', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','1840',0)
Error - 20.05.2012 08:43:31 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-20 14:43:31', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','4040',0)
Error - 03.06.2012 10:18:04 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-06-03 16:18:04', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','1924',0)
Error - 24.06.2012 08:57:36 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-06-24 14:57:36', '\device\harddiskvolume1\programme\monkey's
audio\monkey's audio.exe','248',0)
Error - 01.08.2012 18:29:50 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-08-02 00:29:50', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','3572',0)
Error - 01.08.2012 18:30:55 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-08-02 00:30:55', '\device\harddiskvolume1\dokumente
und einstellungen\all users\anwendungsdaten\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','420',0)
Error - 01.08.2012 18:31:15 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-08-02 00:31:15', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','1552',0)
Error - 01.08.2012 18:31:50 | Computer Name = MARCUS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-08-02 00:31:50', '\device\harddiskvolume1\programme\malwarebytes'
anti-malware\mbam.exe','644',0)
< End of report >
Gmer hab ich auch scannen lassen, aber als ich die Datei unter "Gmer.txt" gespeichert habe, kam nur eine leere Textdatei raus. Hätte ich sie als Gmer.log speichern müssen?! lieben Dank! marcus |
|
06.08.2012, 02:59
| #2 |
| /// Helfer-Team  | Ransomware entfernen, Der Computer ist für die Verletzung... Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [sppcomapi] C:\Dokumente und Einstellungen\Sebatian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\2977\sppcomapi.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.06 17:40:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2012.08.01 18:31:12 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.08.06 00:08:13 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 00:06:43 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.08.06 00:06:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 22:13:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
06.08.2012, 08:52
| #3 |
| | Ransomware entfernen, Der Computer ist für die Verletzung... Hallo t'john,
__________________erstmal vielen Dank für die schnelle Hilfe! Hier das OTL Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVD1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sppcomapi deleted successfully.
C:\Dokumente und Einstellungen\Sebatian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\2977\sppcomapi.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\chrome folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\6.2 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\FF folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\1-Klick-Wartung.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Administrator.MARCUS\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Administrator.MARCUS
->Temp folder emptied: 4003480 bytes
->Temporary Internet Files folder emptied: 727388 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Sebatian
->Temp folder emptied: 751181066 bytes
->Temporary Internet Files folder emptied: 5708538 bytes
->Java cache emptied: 4544591 bytes
->FireFox cache emptied: 54631111 bytes
->Opera cache emptied: 33755274 bytes
->Flash cache emptied: 12747 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138613 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5081018 bytes
RecycleBin emptied: 66216 bytes
Total Files Cleaned = 821,00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.MARCUS
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Sebatian
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08062012_094531
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Geändert von MarcusCP (06.08.2012 um 09:09 Uhr) |
|
06.08.2012, 15:16
| #4 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... Sehr gut!  1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
06.08.2012, 20:56
| #5 | ||
| | Ransomware entfernen, Der Computer ist für die Verletzung... So, hab alles umgesetzt. Ist der Fall jetzt ausgestanden? Zitat:
Zitat:
|
|
07.08.2012, 13:41
| #6 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Ransomware entfernen, Der Computer ist für die Verletzung... |
|
07.08.2012, 17:44
| #7 | ||
| | Ransomware entfernen, Der Computer ist für die Verletzung... So, ich musste für Emsisoft Anti-Malware erst das Service Pack3 installieren. Ansonsten gabs keine Probleme. Zitat:
Zitat:
|
|
07.08.2012, 18:27
| #8 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
07.08.2012, 20:16
| #9 | |
| | Ransomware entfernen, Der Computer ist für die Verletzung... Ok, Emsisoft Anti-Malware deinstalliert. ESET scannen lassen. Log: Zitat:
|
|
07.08.2012, 20:24
| #10 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
07.08.2012, 22:17
| #11 |
| | Ransomware entfernen, Der Computer ist für die Verletzung... Ich habe Java aktualisiert und die Einstellungen wie in der Anleitung angepasst. |
|
07.08.2012, 23:23
| #12 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
08.08.2012, 00:01
| #13 |
| | Ransomware entfernen, Der Computer ist für die Verletzung... Ganz herzlichen Dank! Ich bin so froh über deine Hilfe. Die "Links zum Abarbeiten" werde ich noch durchgehen. Damit ich sobald nicht wieder Hilfe in Anspruch nehmen muss |
|
08.08.2012, 00:05
| #14 |
| /// Helfer-Team | Ransomware entfernen, Der Computer ist für die Verletzung... wuensche eine virenfreie Zeit |
|
| Themen zu Ransomware entfernen, Der Computer ist für die Verletzung... |
| abgesicherten modus funktioniert, antivir, audacity, avira, bho, browser, computer, conduit, der computer ist für die verletzung, downloader, einstellungen, entfernen, error, firefox, flash player, format, gmer.log, google earth, grand theft auto, helper, home, installation, internet, internet browser, logfile, national, pdfforge toolbar, plug-in, registry, rundll, scan, security, software, trojaner, udp, wrapper, youtube downloader, zugriff verweigert |
Linear-Darstellung
