Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen

Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen


Plagegeister aller Art und deren Bekämpfung: Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.02.2012, 18:29   #6
iNexT
 
Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen - Standard

Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen


So hier ist die gewünschte Log von Combofix.

Code:
ATTFilter
ComboFix 12-02-07.01 - media 07.02.2012  18:06:00.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4062.2164 [GMT 1:00]
ausgeführt von:: c:\users\media\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\program files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\programdata\sysReserve.ini
c:\users\media\AppData\Roaming\chrtmp
c:\users\media\AppData\Roaming\EasyMetin2_de_1.0.6.1836_cracked.exe
c:\users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kna0.5082704360609919.exe.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-07 bis 2012-02-07  ))))))))))))))))))))))))))))))
.
.
2012-02-07 17:17 . 2012-02-07 17:17	--------	d-----w-	c:\users\media\AppData\Local\temp
2012-02-07 17:17 . 2012-02-07 17:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-07 16:24 . 2012-02-07 16:24	--------	d-----w-	C:\found.000
2012-02-07 14:20 . 2012-02-07 15:27	--------	d-----w-	C:\_OTL
2012-02-07 14:13 . 2012-02-07 14:13	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-07 11:50 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3601690B-8A99-4956-A3E5-7B2AA48AB5A1}\mpengine.dll
2012-01-25 20:10 . 2011-11-16 16:42	347136	----a-w-	c:\windows\system32\schannel.dll
2012-01-25 20:10 . 2011-11-17 06:53	515968	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-25 20:10 . 2011-11-16 16:43	442368	----a-w-	c:\windows\system32\winhttp.dll
2012-01-25 20:10 . 2011-11-16 16:42	94720	----a-w-	c:\windows\system32\secur32.dll
2012-01-25 20:10 . 2011-11-16 16:41	1689600	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-25 20:10 . 2011-11-16 16:24	77312	----a-w-	c:\windows\SysWow64\secur32.dll
2012-01-25 20:10 . 2011-11-16 16:23	377344	----a-w-	c:\windows\SysWow64\winhttp.dll
2012-01-25 20:10 . 2011-11-16 16:23	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2012-01-25 20:09 . 2011-11-16 14:34	11264	----a-w-	c:\windows\system32\lsass.exe
2012-01-15 08:25 . 2012-01-15 08:25	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 08:25 . 2012-01-15 08:25	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 08:25 . 2012-01-15 08:25	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 08:25 . 2012-01-15 08:25	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2009-11-04 15:41	279656	------w-	c:\windows\system32\MpSigStub.exe
2011-11-23 13:57 . 2011-12-15 15:54	2764800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
2011-12-19 20:25	167936	----a-w-	c:\program files (x86)\TheBflix\thebflix.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-05-30 13:35	89008	----a-w-	c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-06-01 17:17	1236360	----a-w-	c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17	1487240	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21	1299248	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-05-30 89008]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-03-20 319792]
"BitTorrent DNA"="c:\users\media\Program Files (x86)\DNA\btdna.exe" [2010-03-01 323392]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-06 2975640]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-07 1242448]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
"Akamai NetSession Interface"="c:\users\media\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-12-10 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story\PrePatch.exe" [2010-11-20 319488]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
.
c:\users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-3-16 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll 
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-11 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-04-09 16:03]
.
2011-11-23 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-04-09 16:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-06-01 17:17	1793416	----a-w-	c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1561384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 82464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube to Mp3 Converter - c:\users\media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{603D3CE5-33BC-4d51-A31E-613A2B826E21} - c:\users\media\AppData\Roaming\IEButtons\toolbutton2.js
IE: {{804420A5-7F05-4ee9-92F2-D2B644AD9102} - c:\users\media\AppData\Roaming\IEButtons\toolbutton3.js
IE: {{C376BD23-6DC3-4e10-9ED0-AB8C0444E45C} - c:\users\media\AppData\Roaming\IEButtons\toolbutton1.js
TCP: DhcpNameServer = 10.0.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\media\AppData\Roaming\Mozilla\Firefox\Profiles\kni8simj.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=de_DE&apn_uid=79138EAE-95C4-4798-B79B-0F06E1882905&apn_ptnrs=UG&apn_sauid=3D8D1A16-CADA-4375-BF03-01B89A5DF529&apn_dtid=&q=
FF - user.js: extensions.BabylonToolbar_i.id - 3d481b13000000000000001e654b4450
FF - user.js: extensions.BabylonToolbar_i.hardId - 3d481b13000000000000001e654b4450
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15333
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - ef26b379-6387-4904-be00-8b9538817867
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 3d481b13000000000000001e654b4450
FF - user.js: extensions.softonic_i.instlDay - 15377
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.517:56
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-weather9-service - c:\users\media\AppData\Roaming\weather9\weather9-service.exe
Wow6432Node-HKCU-Run-Direct Card Updater - c:\users\media\AppData\Roaming\DirectCard Updater\Direct Card Updater.exe
Wow6432Node-HKCU-Run-RDReminder - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Weather9 Service - c:\users\media\AppData\Roaming\weather9\uninstall.exe
AddRemove-Shoddy Battle - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]
"ImagePath"="\??\c:\windows\TEMP\0011D11.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\windows\TEMP\0056EDB.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3928627519-717092517-1777524165-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c1,aa,8c,f2,93,c3,96,9e,1a,ef,81,37,35,e5,95,6a,c7,40,b7,7f,be,c4,c3,
   4a,35,36,d0,db,fb,1e,47,68,80,89,47,94,09,8f,bc,b7,dd,a3,1b,c7,3a,65,6c,e9,\
"??"=hex:82,64,5a,d9,a9,fe,a6,eb,d5,9c,a3,a5,ce,77,fd,16
.
[HKEY_USERS\S-1-5-21-3928627519-717092517-1777524165-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,63,4a,b3,45,63,b1,33,9d,c6,d0,19,40,7f,9f,ce,1e,e5,29,5d,f9,
   28,b2,5d,b0,a7,f5,1e,16,64,dc,7b,64,41,65,d0,28,b5,75,8b,df,a9,32,bd,f3,b4,\
"rkeysecu"=hex:4e,8b,68,ca,a9,2b,b9,82,bd,7c,60,fd,38,84,1c,91
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-07  18:27:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-07 17:27
.
Vor Suchlauf: 18 Verzeichnis(se), 97.194.995.712 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 96.282.824.704 Bytes frei
.
- - End Of File - - E5A0582F0E5F59E06DB8C99757D20C38

 

Themen zu Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen
alternate, antivir, autorun, avira, babylon, babylon toolbar, babylontoolbar, bho, blockiert, conduit, converter, dealply, defender, desktop, ebay.de, error, euro, explorer, firefox, format, helper, home, intranet, logfile, mp3, nvstor.sys, pando media booster, plug-in, realtek, registry, required, rundll, scan, senden, studio, trojaner, vista, windows, windows vista blockiert, yontoo


« Langsamer Windows 7 Start nach Trojanerbefall | Windows blockiert... 50 Euro virus »


Ähnliche Themen: Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen


  1. Windows Vista 50 Euro Sicherheitsupdate
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (1)
  2. Windows blockiert 50 Euro zahlen
    Log-Analyse und Auswertung - 20.03.2012 (1)
  3. (2x) Windows blockiert und verlangt 50 Euro
    Mülltonne - 15.03.2012 (2)
  4. 50 Euro Virus Windows blockiert
    Log-Analyse und Auswertung - 01.03.2012 (11)
  5. Windows Blockiert 50 Euro Zahlen !
    Log-Analyse und Auswertung - 01.03.2012 (1)
  6. Windows blockiert 50 Euro Fenster
    Log-Analyse und Auswertung - 27.02.2012 (4)
  7. Windows blockiert, 50 Euro Update
    Log-Analyse und Auswertung - 15.02.2012 (15)
  8. Windowssystem blockiert. OTLogfiles hochgeladen.
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (45)
  9. Windows blockiert 50 Euro bezahlen
    Log-Analyse und Auswertung - 11.02.2012 (17)
  10. Windows blockiert - 50 Euro für Virenupdate
    Log-Analyse und Auswertung - 11.02.2012 (3)
  11. 50 Euro Trojaner blockiert Windows 64 bit
    Log-Analyse und Auswertung - 30.01.2012 (27)
  12. 50 euro Trojaner blockiert windows 7
    Log-Analyse und Auswertung - 29.01.2012 (1)
  13. 50 Euro Virus - Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (11)
  14. Windows-Vista blockiert - soll 50 euro bezahlen
    Log-Analyse und Auswertung - 30.12.2011 (12)
  15. Windows blockiert. 50 Euro Trojaner.
    Log-Analyse und Auswertung - 29.12.2011 (7)
  16. Windows blockiert, 50 Euro zahlen
    Log-Analyse und Auswertung - 29.12.2011 (14)
  17. 50 euro zahlen - windows blockiert
    Log-Analyse und Auswertung - 21.12.2011 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen - So hier ist die gewünschte Log von Combofix. Code: Alles auswählen Aufklappen ATTFilter ComboFix 12-02-07.01 - media 07.02.2012 18:06:00.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4062.2164 [GMT 1:00] ausgeführt - Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen...
Archiv
Du betrachtest: Windows Vista blockiert, 50 Euro für Behebung gefordert. otl.txt + extra.txt hochgeladen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19