
Log analysis and evaluation: Police virus - 100 EUR Austria

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.08.2012, 20:23   #1
alterGauner
 
Hello,

a friend of mine has apparently caught the 100 EUR police virus... (the corresponding screen appears when she tries to go online, not always but regularly. In addition, the Task Manager is closed again right after it starts)
I then googled a bit and came across the name ukash.

She tried a few things beforehand, but then stopped right away and asked me for help. I then left the computer exactly as it was and went online with another computer. That is how I came across this forum, and I am asking for support.

Brief info about the computer (you will probably get the rest from the logs):
* Windows 7, x86
* The computer connects to the Internet via WLAN (ADSL router from AON) on the one hand and via a DREI stick on the other (it is a laptop).

What I have done so far:
1. Downloaded Defogger, started it as admin, clicked the disable button and clicked finished after the scan. No reboot was requested / performed. No error message appeared, but a file was created (see attached)
2. OTL was started as admin and a Quick Scan was run
3. Gmer was started as admin (no warning appeared), the check mark at IAT/EAT was removed, only drive C was selected, Showall was not ticked. The scan was started and after some time the system rebooted... then came the question of how the computer should be started (normal, safe mode, etc.). Normal was selected... the computer hung while booting... after some time (without any intervention) the computer rebooted by itself (without ever reaching the login screen). The same on the next attempt. Then started Windows with Startup Repair... selected System Restore there (so that I would hopefully get back into the system)... after the restore, the files of OTL, Gmer and Defogger had disappeared from the desktop. I still have the logs, however (I had created a separate folder for the logs on the desktop).
4. Second attempt with Gmer... copied the programs (including OTL and Defogger) to the desktop again. On starting GMER as admin again, it threw a bluescreen... ok, I am leaving that alone now. The boot afterwards worked, no further steps taken.

One more piece of info: I was a bit confused about the "teaser" on removing this encryption trojan and Malwarebytes Anti-Malware... so I only carried out the standard steps as described here (http://www.trojaner-board.de/69886-a...-beachten.html) and am waiting for further instructions before I do anything else. I hope everything has been correct so far.

Many thanks in advance for the help.

Best regards

Defogger log file:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:25 on 23/08/2012 (Rita)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL log file:
Code:
OTL logfile created on: 23.08.2012 20:36:57 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Rita\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,43% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,58 Gb Total Space | 183,44 Gb Free Space | 64,01% Space Free | Partition Type: NTFS
Drive D: | 11,51 Gb Total Space | 2,15 Gb Free Space | 18,67% Space Free | Partition Type: NTFS
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.23 20:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Desktop\OTL.exe
PRC - [2012.08.12 10:57:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 19:33:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:33:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:33:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.12 10:45:12 | 000,312,784 | ---- | M] () -- C:\Programme\3DataManager\WTGService.exe
PRC - [2008.12.25 21:34:56 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.09.19 17:43:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.19 17:33:45 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.07.12 04:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007.04.25 17:44:52 | 000,035,328 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006.11.10 08:12:28 | 000,099,936 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.30 19:34:52 | 000,345,384 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007.09.30 19:34:42 | 000,255,384 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007.09.30 19:34:42 | 000,120,208 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007.09.30 19:34:42 | 000,038,184 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007.09.30 19:33:32 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.04.25 17:44:52 | 000,035,328 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.09 19:33:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:33:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.12 10:45:12 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2007.10.26 17:56:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 20:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.11.10 08:12:28 | 000,099,936 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.09 19:33:37 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 19:33:37 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.27 19:27:34 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.02.20 16:27:08 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.02.20 16:27:06 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2007.09.19 22:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.10 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.08.15 21:27:00 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys -- (IDSvix86)
DRV - [2007.07.11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.07.10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.05.30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 04:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKLM\..\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
IE - HKCU\..\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.at/"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Rita\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\3-addons\addon [2010.10.27 19:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.04.27 18:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.27 18:12:31 | 000,000,000 | ---D | M]
 
[2009.04.27 18:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Extensions
[2009.02.10 18:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions
[2009.02.10 18:41:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.08.21 12:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\gkf51ian.default\extensions
[2011.07.26 21:42:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\gkf51ian.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.04.27 18:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.27 18:12:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.27 19:27:39 | 000,000,000 | ---D | M] (3DataManager BM) -- C:\PROGRAM FILES\3-ADDONS\ADDON
[2009.04.27 18:12:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222706107 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5576C9B9-B4E5-4BC9-9082-F7D1BB80E410}: NameServer = 213.94.78.17 213.94.78.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF2C0C7-72AA-416A-B545-ACBE2859B36D}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rita\Desktop\Fotos\Tiere\Luna\DSCI0324.JPG
O24 - Desktop BackupWallPaper: C:\Users\Rita\Desktop\Fotos\Tiere\Luna\DSCI0324.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.23 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Rita\Desktop\logs
[2012.08.23 20:12:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.23 20:09:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rita\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.23 20:26:21 | 007,336,332 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.23 20:26:20 | 006,574,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.23 20:26:19 | 021,930,890 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.23 20:26:17 | 007,232,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.23 20:25:32 | 000,000,000 | ---- | M] () -- C:\Users\Rita\defogger_reenable
[2012.08.23 20:23:24 | 000,027,240 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\nvModes.001
[2012.08.23 20:20:23 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.08.23 20:17:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 20:17:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 20:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 20:17:36 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 20:17:02 | 000,050,477 | ---- | M] () -- C:\Users\Rita\Desktop\Defogger.exe
[2012.08.23 20:16:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.23 20:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Desktop\OTL.exe
[2012.08.23 19:41:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.23 19:24:56 | 000,027,240 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\nvModes.dat
[2012.08.21 13:05:14 | 000,001,728 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.27 18:46:10 | 000,002,623 | ---- | M] () -- C:\Users\Rita\Desktop\Microsoft Word.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.23 20:25:32 | 000,000,000 | ---- | C] () -- C:\Users\Rita\defogger_reenable
[2012.08.23 20:24:17 | 000,050,477 | ---- | C] () -- C:\Users\Rita\Desktop\Defogger.exe
[2012.08.21 13:05:14 | 000,001,728 | ---- | C] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.21 13:05:13 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.01.11 19:43:07 | 000,000,680 | ---- | C] () -- C:\Users\Rita\AppData\Local\d3d9caps.dat
[2008.12.09 20:18:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.17 16:37:09 | 000,027,240 | ---- | C] () -- C:\Users\Rita\AppData\Roaming\nvModes.dat
[2008.08.17 11:02:41 | 000,032,768 | ---- | C] () -- C:\Users\Rita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.16 18:55:20 | 000,027,240 | ---- | C] () -- C:\Users\Rita\AppData\Roaming\nvModes.001
 
========== LOP Check ==========
 
[2012.07.03 08:31:31 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\3DataManager
[2009.03.02 18:43:03 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Canon
[2010.05.27 18:42:20 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Facebook
[2010.03.24 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\funkitron
[2008.09.19 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ICQ
[2008.08.26 17:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Magic Academy
[2008.08.16 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\MusicIP
[2009.09.16 18:05:04 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Opera
[2008.08.24 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\PlayFirst
[2010.10.27 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Program Files
[2008.10.08 08:23:48 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ScanSoft
[2008.08.17 11:40:18 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\WildTangent
[2012.08.23 20:16:26 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt (also created by OTL):
Code:
OTL Extras logfile created on: 23.08.2012 20:36:57 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Rita\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,43% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,58 Gb Total Space | 183,44 Gb Free Space | 64,01% Space Free | Partition Type: NTFS
Drive D: | 11,51 Gb Total Space | 2,15 Gb Free Space | 18,67% Space Free | Partition Type: NTFS
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F4C1020-CDCC-439A-B4E6-6922D0EC7535}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B08343D0-B114-4EBB-B8C3-972FA2FBCF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2480B806-1935-4B6E-BCDC-05DF9A143333}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{279FE066-8162-43C7-8D10-5A5ED953FBAC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{48A2BFA7-7924-4B94-858C-B3005FFAF9B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E633699-3110-47B3-B02A-E11ED601BECF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{8947AE81-9047-44D5-9CB5-4BA8B3BE9EF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A815C14B-7F21-487F-B73C-ED49D162BB47}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{A92C4E3A-13B3-455C-8C0F-8D9965E77636}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DE4BCDCB-5EE7-490F-8181-766AA1AA2486}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"TCP Query User{6EF06739-D8B3-4DB9-9CCB-9547C8F3C9CE}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DEA3A827-497C-4D68-8D66-385AEB7092B6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DFAC4E31-D488-4E82-8BF1-50C6B1D35F28}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{441BA79D-EB7A-4EDD-BF75-5B89160020A8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{52A6BD3C-6BBF-477A-929C-4F465735443D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{65476406-51F7-4152-BE29-F5DC398BCCFF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"3DataManager" = 3DataManager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP140 series Benutzerregistrierung" = Canon MP140 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CDex" = CDex extraction audio
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.08.2010 14:20:37 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 07.08.2010 14:20:37 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 08.08.2010 13:51:15 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 08.08.2010 13:51:15 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 08.08.2010 13:51:15 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 08.08.2010 13:51:18 | Computer Name = Rita-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.08.2010 06:36:06 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.08.2010 06:36:06 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 09.08.2010 06:36:06 | Computer Name = Rita-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 09.08.2010 06:36:09 | Computer Name = Rita-PC | Source = WerSvc | ID = 5007
Description = 
 
[ Media Center Events ]
Error - 16.08.2008 13:16:41 | Computer Name = Rita-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 08/16/2008 19:16:41
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ OSession Events ]
Error - 18.10.2011 09:46:39 | Computer Name = Rita-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.08.2012 10:01:46 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 14, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 21.08.2012 10:01:46 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 23.08.2012 13:12:18 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2012 13:44:09 | Computer Name = Rita-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.08.2012 um 19:41:41 unerwartet heruntergefahren.
 
Error - 23.08.2012 13:45:32 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2012 14:17:08 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 23.08.2012 14:17:08 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 13, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 23.08.2012 14:17:08 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 14, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 23.08.2012 14:17:08 | Computer Name = Rita-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 23.08.2012 14:19:08 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

24.08.2012, 01:11   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 
IE - HKLM\..\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at 
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS 
IE - HKCU\..\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "http://www.gmx.at/" 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll File not found 
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. 
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) 
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) 
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found 
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () 
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html () 
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) 
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] 
O33 - MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\Shell - "" = AutoRun 
O33 - MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe 
[2012.08.23 20:23:24 | 000,027,240 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\nvModes.001 
[2012.08.23 19:41:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 
[2012.08.23 19:24:56 | 000,027,240 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\nvModes.dat 
[2012.08.21 13:05:14 | 000,001,728 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2009.02.10 18:41:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} 

[2012.08.23 20:17:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.08.23 20:17:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note to other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems!

24.08.2012, 20:44   #3
alterGauner

Many thanks for the help.

Everything carried out according to the instructions. Here is the log:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Programme\Softonic_Deutsch\tbSoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95589FE0-ABD1-427D-89ED-F02A09D2362B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95589FE0-ABD1-427D-89ED-F02A09D2362B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95589FE0-ABD1-427D-89ED-F02A09D2362B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDD935D5-74CB-44B6-B1CB-B3934E3DF3C3}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.gmx.at/" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Invalid CLSID key: C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
File C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll not found.
File C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01cba49e-63de-11df-912a-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01cba49e-63de-11df-912a-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01cba49e-63de-11df-912a-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33e200b8-e1eb-11df-8fd6-001e686d5bcd}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e42652a-c81c-11e0-be20-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e42652a-c81c-11e0-be20-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e42652a-c81c-11e0-be20-001e686d5bcd}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e24954-8d68-11dd-9902-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e24954-8d68-11dd-9902-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e24954-8d68-11dd-9902-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81166b11-859c-11dd-8137-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81166b11-859c-11dd-8137-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81166b11-859c-11dd-8137-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89b4ec74-9517-11dd-8f72-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b29367-84db-11dd-9062-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b29367-84db-11dd-9062-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b29367-84db-11dd-9062-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b29398-84db-11dd-9062-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b29398-84db-11dd-9062-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b29398-84db-11dd-9062-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a2896da-8d69-11dd-b1c3-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97c1a3e-fa56-11e0-bc18-001e686d5bcd}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7abed4a-9531-11dd-9397-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7abed4a-9531-11dd-9397-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7abed4a-9531-11dd-9397-001e686d5bcd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf6643d3-b13c-11e0-b0d5-001e686d5bcd}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
C:\Users\Rita\AppData\Roaming\nvModes.001 moved successfully.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\Rita\AppData\Roaming\nvModes.dat moved successfully.
File C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Users\Rita\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Rita\Desktop\cmd.bat deleted successfully.
C:\Users\Rita\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rita
->Temp folder emptied: 105679736 bytes
->Temporary Internet Files folder emptied: 96839583 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3546981 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18378 bytes
RecycleBin emptied: 99716 bytes
 
Total Files Cleaned = 197,00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08242012_223641

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Users\Rita\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Best regards
__________________

24.08.2012, 20:53   #4
t'john
/// Helper team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

25.08.2012, 14:16   #5
alterGauner

Looks better already. The internet was working normally again (we tried it out yesterday, but then I had to leave; I wasn't expecting such a quick reply).

On reboot, however, the following message now appeared (from Windows Software Protection):
Quote:
An unauthorized change was made to Windows. Windows has detected a change that is causing reduced Windows functionality. Use the following link to learn how Windows can be repaired.
Options: "Learn more online" and "Close".

I clicked Close, then the login screen came up again. The login seemed to work at first, then the message from Windows Software Protection appeared again. Now a login was required again... seems to be a loop... when I click the "Learn more online" button, it opens Firefox and tries to load a URL (but without success, since the computer has no internet connection without logging in via the DREI stick or Wi-Fi access).

We then enabled Wi-Fi, and I ended up on the Microsoft page about hxxp://www.microsoft.com/genuine/ Oops, I see... now I also know why automatic updates were disabled.

I then asked about a pirated copy... she isn't sure, a friend installed it back then (it was originally a Windows Vista PC). Called the friend, no answer. I'll clear this up before we continue here. If need be, a new Windows version will have to be purchased.

Sorry for the trouble, I'll get back to you as soon as this is sorted out. If it really is a pirated copy, we'll get a license asap.

Best regards


25.08.2012, 17:42   #6
t'john
/// Helper team

All right