Achtung! Ihr Computer wurde gesperrt (Win Vista)

cosinus · 09.02.2012, 11:37

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}
[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com
[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml
[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml
[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml
2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found	
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()
MsConfig - StartUpReg: 00PCTFW - hkey= - key= -  File not found
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= -  File not found
MsConfig - StartUpReg: VirRL2009 - hkey= - key= -  File not found
MsConfig - StartUpReg: wblogon - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6
:Files
C:\Users\Besitzer\AppData\Roaming\Uniblue
C:\Program Files\Uniblue
C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\Besitzer\Downloads\eMule
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Achtung! Ihr Computer wurde gesperrt (Win Vista)

Log-Analyse und Auswertung: Achtung! Ihr Computer wurde gesperrt (Win Vista)

Achtung! Ihr Computer wurde gesperrt (Win Vista)

Ähnliche Themen: Achtung! Ihr Computer wurde gesperrt (Win Vista)