Pests of all kinds and how to fight them: Windows system blocked, demand for money, Trojan? (Windows 7)
13.12.2011, 21:33 | #1
Windows system blocked, demand for money, Trojan?
Hello, on my Asus Eee netbook (Windows 7 Starter 32bit) the following images suddenly appeared earlier while I was on the internet (in this order, when I click on "pay money" each time):
hxxp://s7.directupload.net/file/d/2737/3aq3o277_jpg.htm
hxxp://s1.directupload.net/file/d/2737/ioun2niz_jpg.htm
hxxp://s7.directupload.net/file/d/2737/qn5z82b9_jpg.htm
Since then I have switched the PC off and on several times and read up a bit here, but without any success so far. As I have almost no knowledge of PCs and netbooks, I would be very grateful for any support. Many thanks in advance!
13.12.2011, 21:40 | #2
Hi,
check whether you can get into Safe Mode with Command Prompt (press F8 while booting). If so, proceed as follows: download OTL.EXE, save it to a USB stick, plug the stick in and copy OTL onto the infected machine (copy E:\OTL.exe . if E is the USB stick). Then start OTL as described, save the LOGS to the stick and post them here... Then we'll see...

OTL
Download OTL from OldTimer (http://filepony.de/download-otl/) and save it to your desktop/stick
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.
chris
Last edited by Chris4You (13.12.2011 at 21:50)
14.12.2011, 15:07 | #3
OTL log file:
Code:
OTL logfile created on: 12/14/2011 2:53:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\windows\system32
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 84.21% Memory free
3.98 Gb Paging File | 3.67 Gb Available in Paging File | 92.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 27.56 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 17.17 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 965.72 Mb Total Space | 950.45 Mb Free Space | 98.42% Space Free | Partition Type: FAT
Computer Name: DOMINIKJOST-PC | User Name: Dominik Jost | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 12:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 09:26:24 | 000,000,000 | ---D | M]
[2010/01/01 15:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Extensions
[2011/11/14 14:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions
[2011/04/17 12:00:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/01/16 20:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}-trash
[2011/11/14 14:43:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/13 13:50:32 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\bug489729@alice0775
[2011/05/13 13:51:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\DTToolbar@toolbarnet.com
[2010/11/29 20:37:45 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Dominik Jost\AppData\Roaming\mozilla\Firefox\Profiles\j269fjqi.default\extensions\vshare@toolbar
[2011/03/29 13:48:53 | 000,002,059 | ---- | M] () -- C:\Users\Dominik Jost\AppData\Roaming\Mozilla\Firefox\Profiles\j269fjqi.default\searchplugins\daemon-search.xml
[2011/12/14 13:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/26 12:48:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/11 12:02:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 12:02:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 12:02:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/11 12:02:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/11 12:02:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/11 12:02:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [firefox.exe] C:\Users\Dominik Jost\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - Startup: C:\Users\Dominik Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominik Jost\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dominik Jost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominik Jost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19601322-3DC9-4DE5-90B1-052D7D930AE3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52AD0A48-3B05-4421-839C-954F7908DD54}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E126553-95F8-4EB8-99A7-008026BD363E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3bda1dc5-529f-11df-ad27-002243fedba4}\Shell - "" = AutoRun
O33 - MountPoints2\{3bda1dc5-529f-11df-ad27-002243fedba4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{8cfe2aaa-1718-11e0-85c5-ccb494ca354e}\Shell - "" = AutoRun
O33 - MountPoints2\{8cfe2aaa-1718-11e0-85c5-ccb494ca354e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ff7bd03c-4bbb-11df-ad20-002243fedba4}\Shell - "" = AutoRun
O33 - MountPoints2\{ff7bd03c-4bbb-11df-ad20-002243fedba4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/14 14:35:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\windows\System32\OTL.exe
[2011/12/14 13:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/14 13:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/14 13:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/12/13 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik Jost\Desktop\stick
[2011/12/12 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik Jost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2011/12/12 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik Jost\Desktop\weihnachten
[2011/12/12 14:31:44 | 000,000,000 | ---D | C] -- C:\Users\Dominik Jost\Desktop\ArWi 3.Skript-Paket
[2009/08/19 21:30:53 | 000,035,624 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009/08/14 10:00:08 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
========== Files - Modified Within 30 Days ==========
[2011/12/14 14:47:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/14 14:47:05 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 13:45:37 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 13:45:37 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 22:42:14 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/12/13 22:42:14 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/13 22:42:14 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/12/13 22:42:14 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/11 16:30:21 | 035,215,102 | ---- | M] () -- C:\Users\Dominik Jost\Desktop\mama.pdf
[2011/12/10 22:50:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\windows\System32\OTL.exe
[2011/12/09 13:28:19 | 085,876,161 | ---- | M] () -- C:\Users\Dominik Jost\Desktop\mkt.pdf
[2011/12/08 15:03:58 | 001,553,828 | ---- | M] () -- C:\Users\Dominik Jost\Desktop\mamaaa.pdf
========== Files Created - No Company Name ==========
[2011/12/11 16:22:00 | 035,215,102 | ---- | C] () -- C:\Users\Dominik Jost\Desktop\mama.pdf
[2011/12/09 13:24:35 | 085,876,161 | ---- | C] () -- C:\Users\Dominik Jost\Desktop\mkt.pdf
[2011/12/08 15:03:07 | 001,553,828 | ---- | C] () -- C:\Users\Dominik Jost\Desktop\mamaaa.pdf
[2011/11/23 16:14:56 | 002,459,828 | ---- | C] () -- C:\Users\Dominik Jost\Desktop\Englisch.pdf
[2011/01/08 17:57:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2011/01/08 17:57:15 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2010/08/16 09:34:56 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/06/06 16:23:08 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010/01/28 21:58:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/24 15:45:47 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2009/08/24 15:45:46 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/08/19 21:18:56 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/08/19 19:18:55 | 000,000,712 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/08/19 19:18:55 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2009/07/26 02:28:45 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 02:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,378,592 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/01 09:10:50 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/02/20 16:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/01/01 19:47:21 | 000,000,000 | -HSD | M] -- C:\Users\Dominik Jost\AppData\Roaming\.#
[2011/10/15 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\Amazon
[2009/08/24 15:39:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\Asus WebStorage
[2011/04/21 10:44:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\Canon
[2010/01/16 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/29 13:53:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\DAEMON Tools Lite
[2011/12/14 13:39:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\Dropbox
[2011/07/15 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\DVDVideoSoft
[2011/04/17 12:26:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/01/01 19:47:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\GameConsole
[2010/08/14 12:11:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\HTC
[2010/08/14 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/12/01 14:19:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\ICQ
[2011/04/21 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\IrfanView
[2011/09/13 13:16:56 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\phonostar-Player
[2009/12/30 16:58:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik Jost\AppData\Roaming\VoiceCommand
[2011/07/22 15:23:12 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:734E442A
< End of report >
14.12.2011, 17:13 | #4
Hi,
well well, a Firefox that is started from the AppData directory... Copy the script to the USB stick and start OTL as before, then start Notepad from the command prompt (type notepad), copy everything and paste it into the OTL fix window (as described below)... If the UC.PIF is not recognised, please take that item out of the script
Code:
:OTL
O4 - HKLM..\Run: [] File not found
[2010/01/01 19:47:21 | 000,000,000 | -HSD | M] -- C:\Users\Dominik Jost\AppData\Roaming\.#
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:734E442A
O4 - HKCU..\Run: [firefox.exe] C:\Users\Dominik Jost\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
The computer should now boot normally again...
Malwarebytes Anti-Malware (MAM) instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and let it clean everything! Post the log.
chris
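As an added defender's example (not from the thread and not part of OTL), here is the check Chris4You applied by eye to the O4 section of the log, written as a small Python triage pass over OTL Run entries: it flags autostarts launching from user-writable profile paths, empty Run values, and well-known binary names running outside their usual home, and it generalises to any OTL log. The EXPECTED_HOME table is an assumption for this example and the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# OTL prints Run-key autoruns as
#   O4 - HKLM..\Run: [ValueName] C:\path\file.exe (Company)
#   O4 - HKLM..\Run: [] File not found
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)

# Locations a standard user can write to. Installed software starts from
# Program Files or Windows; a Run entry launching from a profile directory
# is the hallmark the helper spotted in the thread's log.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Users\\[^\\]+\\Desktop\\|\\Temp\\", re.IGNORECASE)

# Assumption for this example: where the genuine copy of a binary lives.
# A file with one of these names anywhere else is masquerading.
EXPECTED_HOME = {
    "firefox.exe": "\\mozilla firefox\\",
    "explorer.exe": "\\windows\\",
}


@dataclass
class O4Entry:
    hive: str
    name: str
    path: Optional[str]     # None when OTL reports "File not found"
    company: Optional[str]  # "" when OTL printed "()", None when absent


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one O4 Run line; returns None for any other OTL line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.group("hive"), m.group("name"), m.group("rest").strip()
    if rest == "File not found":
        return O4Entry(hive, name, None, None)
    # The company is the trailing parenthesised group. rsplit on " (" keeps
    # parentheses inside the path ("Program Files (x86)") and inside the
    # company ("Intel(R) Corporation") intact.
    if rest.endswith(")") and " (" in rest:
        path, company = rest.rsplit(" (", 1)
        return O4Entry(hive, name, path, company[:-1])
    return O4Entry(hive, name, rest, None)


def triage_entry(e: O4Entry) -> list:
    """Return the reasons an entry deserves a look; an empty list means clean."""
    reasons = []
    if e.path is None:
        return ["empty Run value / target missing (remnant of a removed or broken install)"]
    if USER_WRITABLE.search(e.path):
        reasons.append("autostart from a user-writable profile directory")
    base = e.path.rsplit("\\", 1)[-1].lower()
    home = EXPECTED_HOME.get(base)
    if home and home not in e.path.lower():
        reasons.append(f"{base} running outside its expected location {home}")
    # Missing company info alone is common on legitimate OEM tools (see the
    # Eee Docking entry), so it only strengthens a finding that already exists.
    if e.company == "" and reasons:
        reasons.append("no company/version information on the file")
    return reasons


def triage(log_text: str) -> dict:
    """Map 'HIVE:ValueName' -> reasons for every O4 Run entry worth reviewing."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings[f"{entry.hive}:{entry.name}"] = reasons
    return findings


# Constructed sample modelled on the O4 section of the posted log (user name
# replaced by a placeholder); the O6 line shows that non-O4 lines are skipped.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [firefox.exe] C:\Users\user\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
"""

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons))
```

Every flag is a prompt for manual verification, not a verdict: legitimate per-user installers (Dropbox in this very log) also start from AppData, so the path check by itself is only a prioritisation aid.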