Hallo Zusammen,

Ich bin glücklich besitzer des Bundes-polizei-trojaners

Hatte den Freund schon ein paar mal zu Besuch, hab ihn immer mit abgesichertem Modus + syswiederherstellung wegbekommen.

Am Anfang bin ich auch immernoch in vista gekommen,
nun aber wenn ich in den abges. Modus geh bricht er immer ab,
kurzer blauer Bildschirm, und macht anschließend einen Restart. Sonstige Reparaturmaßnahmen aus der wiederherstellungskonsole wollen auch nicht.

Hab mich da im Netz versucht reinzulesen, aber ich blick da nich mehr durch.
Das mit dem explorer.exe in der registry hab ich schon probiert.

Die Frage ist wie komm ich wieder in Vista rein.
Evtl. mit der USB-Boot Methode? Wie funktioniert das?

Danke und grüsse, marc

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

• "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
  - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
  - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
• Charakteristische Merkmale/Profilinformationen:
  - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] oder Sternchen (*) ersetzen
• Die Systemprüfung und Bereinigung:
  - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
• Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
• Innerhalb der Betreuungszeit:
  - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
• Die Reihenfolge:
  - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
• GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
• Ansonsten unsere Forumsregeln:
  - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
• Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

1.
Unbootbares System mit OTLPE Network scannen

• Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
  Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
• Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
• Lege eine leere CD in Deinen Brenner.
• ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
• Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
• Du kannst nun die Fenster des Brennprogramms schließen.

• Starte das unbootbare System neu und boote von der CD, die Du gerade erstellt hast.
  Anmerkung: Wenn Du nicht weißt, wie Du Deinen Computer dazu bringst, von CD zu booten, dann folge diesen Schritten hier.
• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• OTLpe sollte nun starten.
  
  
  
• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt gesichert und mit Notepad++ geöffnet.
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt in diesen Thread.

Falls Du kein Brennprogramm hast:

ISOBurner
Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen.
Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

Hallo Kira,

Danke erstmal für infos.
Hat soweit prima geklappt.
Konnte dadurch auch schonmal ein paar Dokumente vom Desktop retten,
falls ich am schluss um eine Neuinstallation nicht rumkomm.
Das hat mir schonmal sehr geholfen!

Hier die zwei files otl.txt und extras.txt.

1.
was das sein soll?:

Zitat:

C:\Users\marc\Desktop\m20973-metalwarez.com.rar

2.
Von Dir abgelegt bzw sind Dir bekannt?:

Zitat:

[2011/09/10 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Ekycki
[2011/07/07 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\enchant
[2011/07/12 13:12:30 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Gyetgo
[2011/12/25 08:25:13 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\MAXON
[2011/12/20 08:03:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Syihus
[2011/07/04 02:08:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Teleca

3.
auf dein Desktop liegen "herum" einige pdf und mp3 Dateien, alle sind Dir bekannt? Gibt es dafür keine passenden Sammelordner

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_m7720
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0611&m=aspire_m7720
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\marc\AppData\Roaming\5052 [2011/12/01 14:00:06 | 000,000,000 | ---D | M]
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\marc_ON_C..\Run: [{3226766D-962F-B667-3D5F-9607B5FC1AF1}]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2326da89-1fd1-11e1-88f1-0022683972b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2326da89-1fd1-11e1-88f1-0022683972b4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Astart.exe
[2012/02/21 05:04:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 19:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 17:56:34 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5038
[2011/11/12 05:49:49 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5039
[2011/11/21 03:31:24 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5044
[2011/11/22 05:16:33 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5045
[2011/11/22 08:09:44 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5047
[2011/11/23 14:02:31 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5048
[2011/11/25 05:15:16 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5049
[2011/11/25 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5050
[2011/11/28 15:54:31 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5051
[2011/12/01 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\5052
[2011/11/06 17:56:12 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\kock
[2011/11/06 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\xmldm
[2011/07/12 10:00:34 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Yqwout
[2011/09/13 00:56:45 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Zykyxau

:Commands
[purity]
[emptytemp]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Deinen Thread.

5.
erneut einen Scan mit OTL:

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
- Kannst Du schon jetzt im abgesicherten Modus oder im normalen Modus mit dem PC arbeiten?

Ok, zu deinen fragen...

1. die datei ist harmlos, da verbirgt sich nur ein .pdf drin, das hat keine probleme gemacht.

2. also die geposteten Daten sagen mir garnix, bzw. koennen eliminiert werden

3. Die pdfs und mp3s sind allesamt bekannt und harmlos, ja sollte ich wohl mal aufraeumen!

4. Der gefixte Inhalt durch otl.exe

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\marc\AppData\Roaming\5052 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\marc_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3226766D-962F-B667-3D5F-9607B5FC1AF1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2326da89-1fd1-11e1-88f1-0022683972b4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2326da89-1fd1-11e1-88f1-0022683972b4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2326da89-1fd1-11e1-88f1-0022683972b4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2326da89-1fd1-11e1-88f1-0022683972b4}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{413c9dd2-9f59-11e0-9444-806e6f6e6963}\ not found.
File E:\Astart.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\marc\AppData\Roaming\5038\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5038 folder moved successfully.
C:\Users\marc\AppData\Roaming\5039\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5039 folder moved successfully.
C:\Users\marc\AppData\Roaming\5044\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5044 folder moved successfully.
C:\Users\marc\AppData\Roaming\5045\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5045 folder moved successfully.
C:\Users\marc\AppData\Roaming\5047\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5047 folder moved successfully.
C:\Users\marc\AppData\Roaming\5048\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5048 folder moved successfully.
C:\Users\marc\AppData\Roaming\5049\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5049 folder moved successfully.
C:\Users\marc\AppData\Roaming\5050\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5050 folder moved successfully.
C:\Users\marc\AppData\Roaming\5051\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5051 folder moved successfully.
C:\Users\marc\AppData\Roaming\5052\components folder moved successfully.
C:\Users\marc\AppData\Roaming\5052 folder moved successfully.
C:\Users\marc\AppData\Roaming\kock folder moved successfully.
C:\Users\marc\AppData\Roaming\xmldm folder moved successfully.
C:\Users\marc\AppData\Roaming\Yqwout folder moved successfully.
C:\Users\marc\AppData\Roaming\Zykyxau folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: marc
->Temp folder emptied: 524500268 bytes
->Temporary Internet Files folder emptied: 39266186 bytes
->Java cache emptied: 203971489 bytes
->FireFox cache emptied: 1153580051 bytes
->Flash cache emptied: 138891 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3308592 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
 
Total Files Cleaned = 1,836.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02222012_161615

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

5. Das erneut gescannte Logfile


OTL.txt
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 2/22/2012 5:16:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.76 Gb Total Space | 221.02 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive H: | 550.10 Gb Total Space | 25.06 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/08/19 08:27:22 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/08 05:31:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/29 02:12:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 00:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/18 04:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 16:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008/07/29 11:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/20 11:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 21:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/07/04 09:34:12 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/29 02:12:51 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 02:12:51 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/06/13 03:41:54 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/04/10 03:20:00 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2008/02/29 16:56:44 | 000,144,136 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV:64bit: - [2008/02/29 16:56:44 | 000,144,136 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV:64bit: - [2008/02/29 16:56:44 | 000,107,784 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus)
DRV:64bit: - [2008/02/29 16:56:44 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV:64bit: - [2007/04/13 02:50:28 | 000,120,584 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrsce.sys -- (zebrsce)
DRV:64bit: - [2007/04/13 02:50:22 | 000,080,776 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2008/08/19 08:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.arcor.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 07:06:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 11:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\marc\AppData\Roaming\5052
 
[2011/06/25 14:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Extensions
[2011/11/07 16:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\pxj5avc2.default\extensions
[2011/11/08 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
File not found (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\5052
[2011/12/31 11:52:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/13 12:38:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/13 12:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/13 12:38:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/13 12:38:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/13 12:38:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/13 12:38:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\marc_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\marc_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\marc_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\marc_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel]  File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\marc_ON_C..\Run: [{3226766D-962F-B667-3D5F-9607B5FC1AF1}]  File not found
O4 - HKU\marc_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\marc_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/22 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Sammelordner pdfs mp3s
[2012/02/22 16:16:20 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/02/22 16:16:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 11:09:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/21 15:09:48 | 000,000,000 | ---D | C] -- C:\Temp
[2012/02/21 03:57:25 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/02/14 07:07:25 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\SFL
[2012/02/14 06:57:31 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Bassnectar-Divergent_Spectrum_Remixes-(RapGodFathers.info)
[2012/02/12 15:31:43 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/06 14:49:18 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Nasty Mane & Project Pat - Belly On Full
[2012/02/06 14:43:42 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Biohazard - Reborn In Defiance (2012)
[2012/02/03 05:14:54 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Kool Savas - Aura - (2011)
[2012/02/01 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Boota
[2012/02/01 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Agunbi
[2012/01/31 20:51:32 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Twista - The Perfect Storm
[2012/01/29 09:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/01/29 09:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/01/29 08:03:01 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Rage-SKIDROW
[2012/01/24 16:35:47 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Tommy Four Seven - Primate (2011)
[2008/11/01 19:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\marc\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\marc\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\marc\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\marc\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/22 03:10:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 05:04:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 05:04:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 04:57:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/20 20:10:42 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/20 20:10:42 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/20 20:10:42 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/20 20:10:42 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/20 20:04:33 | 000,000,896 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk
[2012/02/19 08:50:31 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/17 04:38:15 | 058,110,196 | ---- | M] () -- C:\Users\marc\Desktop\m20973-metalwarez.com.rar
[2012/02/17 02:58:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/11 08:41:17 | 000,001,456 | ---- | M] () -- C:\Users\marc\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012/02/08 07:00:07 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/31 09:56:45 | 000,001,728 | ---- | M] () -- C:\Users\marc\Desktop\FreeMind.lnk
[2012/01/31 09:56:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012/01/29 09:58:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/01/27 05:03:47 | 000,000,000 | ---- | M] () -- C:\Users\marc\AppData\Local\{BAC89A80-5A35-4641-8257-BC92F0A9DC21}
 
========== Files Created - No Company Name ==========
 
[2012/02/20 20:04:33 | 000,000,896 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk
[2012/02/17 04:17:32 | 058,110,196 | ---- | C] () -- C:\Users\marc\Desktop\m20973-metalwarez.com.rar
[2012/02/08 07:00:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/31 09:56:45 | 000,001,728 | ---- | C] () -- C:\Users\marc\Desktop\FreeMind.lnk
[2012/01/27 05:03:47 | 000,000,000 | ---- | C] () -- C:\Users\marc\AppData\Local\{BAC89A80-5A35-4641-8257-BC92F0A9DC21}
[2011/12/09 05:17:20 | 000,000,000 | ---- | C] () -- C:\Users\marc\AppData\Local\{2CB89179-AAE7-45BA-BF86-DC2E86B4D3F8}
[2011/11/09 16:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 16:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/07 15:04:57 | 000,001,599 | ---- | C] () -- C:\Users\marc\AppData\Local\RecConfig.xml
[2011/11/06 17:56:20 | 000,000,072 | ---- | C] () -- C:\Users\marc\AppData\Roaming\blckdom.res
[2011/09/23 03:27:02 | 000,000,132 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/19 04:03:34 | 000,000,732 | ---- | C] () -- C:\Users\marc\AppData\Local\d3d9caps64.dat
[2011/09/13 02:35:11 | 000,000,132 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/05 12:51:41 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/08/04 03:35:55 | 000,000,337 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/03 17:57:57 | 000,000,058 | ---- | C] () -- C:\Users\marc\AppData\Roaming\you.bmp
[2011/07/06 06:04:01 | 000,001,456 | ---- | C] () -- C:\Users\marc\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/06/25 15:48:27 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2011/06/25 15:48:27 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2011/06/25 14:33:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/25 13:02:27 | 000,158,208 | ---- | C] () -- C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 12:49:24 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/06/25 12:49:24 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/06/25 12:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/01 11:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/11/01 11:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\marc\AppData\Local\lame_enc.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\marc\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\marc\AppData\Local\no23xwrapper.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008/11/01 11:30:21 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Acer GameZone Console
[2012/02/08 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Agunbi
[2011/12/23 11:37:55 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\BitTorrent
[2012/02/08 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Boota
[2011/07/22 05:24:26 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/01 07:52:55 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/04 09:35:03 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DAEMON Tools Lite
[2011/09/14 09:14:50 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Dropbox
[2011/09/10 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Ekycki
[2011/07/07 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\enchant
[2011/11/11 05:13:51 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\FileZilla
[2011/07/12 13:12:30 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Gyetgo
[2011/11/08 07:53:13 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\JavaEditor
[2011/08/04 05:08:33 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Leadertech
[2011/12/25 08:25:13 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\MAXON
[2011/07/05 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\OpenOffice.org
[2011/10/08 04:43:40 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Origin
[2011/10/28 06:40:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Processing
[2011/07/05 06:44:08 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/20 08:03:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Syihus
[2011/07/04 02:08:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Teleca
[2011/08/14 17:01:42 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Tropico 4 Demo
[2008/11/01 11:30:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/07/04 09:33:43 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/01/10 15:27:23 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/10/08 04:41:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/11/01 11:41:20 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/11/01 11:31:01 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/10/08 04:43:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2011/11/01 12:48:07 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/04 05:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Seagate
[2012/01/10 17:26:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/07/04 01:51:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/02/17 02:58:44 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

--- --- ---


Und noch Extras.txt

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 2/22/2012 5:16:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.76 Gb Total Space | 221.02 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive H: | 550.10 Gb Total Space | 25.06 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4229F8C0-7366-4F58-8AA3-22EE1F191008}" = PC Suite for Sony Ericsson x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4229F8C0-7366-4F58-8AA3-22EE1F191008}" = PC Suite for Sony Ericsson x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >
         

--- --- ---


Ich probier jetzt mal ob ich in den abgesicherten Modus komme, und werde gleich berichten...

ok, leider hat sich noch nichts geändert, immernoch beim hochfahren, sowohl im normal-, als auch im abgesicherten modus wird das hochfahren abgebrochen.

Wär ja auch zu schön gewesen

tja..sind wir noch nicht "durch"...

1.
TDSSKiller von Kaspersky

• Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
• Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
• deaktiviere vorübergehend dein AntiVirus-Programm
• Starte die TDSSKiller.exe durch Doppelklick.
• Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
  Bestätige das ggfs. mit Y(es).
  Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
• Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKU\marc_ON_C..\Run: [{3226766D-962F-B667-3D5F-9607B5FC1AF1}]  File not found
O4 - Startup: C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
[2011/09/10 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Ekycki
[2011/07/07 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\enchant
[2011/07/12 13:12:30 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Gyetgo
[2011/12/25 08:25:13 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\MAXON
[2011/12/20 08:03:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Syihus
[2011/07/04 02:08:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Teleca 

:Commands
[purity]
[emptytemp]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Deinen Thread.

Kannst Du schon im normalen Modus arbeiten? wenn ja:

3.
Nicht mehr "OTLPE" starten!

Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

Hy Kira,

Folgendes Update:

1.TDSSKiller meinte:
a. cant initialize log
Im Log-file hab ich aber nichts geändert. Zu keiner Zeit.
b. cant load driver
(und ja ich habs auf den desktop gezogen)
Das Programm ist schon aufgegangen und ich könnte einen scan machen.
Nach 3 sekunden war er fertig und meinte er hat nichts gefunden.
Ein Text-file hat er dann aber nicht geschrieben.

2.Hier das gefixte logfile

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
Registry key HKEY_USERS\marc_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3226766D-962F-B667-3D5F-9607B5FC1AF1}\ not found.
File move failed. C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk scheduled to be moved on reboot.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Folder C:\Users\marc\AppData\Roaming\Ekycki\ not found.
Folder C:\Users\marc\AppData\Roaming\enchant\ not found.
Folder C:\Users\marc\AppData\Roaming\Gyetgo\ not found.
Folder C:\Users\marc\AppData\Roaming\MAXON\ not found.
Folder C:\Users\marc\AppData\Roaming\Syihus\ not found.
Folder C:\Users\marc\AppData\Roaming\Teleca\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: marc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02232012_151011

Files\Folders moved on Reboot...
File\Folder C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.612646647525311567f76.exe.lnk not found!
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

3. Bei dem neuen OTL-Programm meinte er beim starten:
This application has failed to start because framedyn.dll was nost found.
Als Admin kann ich mich nicht anmelden, hab dafür kein passwort, hatte
auch nie eins angelegt. Und ohne gehts nicht.
Ein reinstall oder neuer download brachte keinen Erfolg.


Also den Programmierer des Trojaners würd ich echt gern mal im Mondschein begegnen

So, ist das jetzt das Ende der Fahnenstange oder gibts noch ne Möglichkeit?

Danke!

kannst im abgesicherten Modus starten?

➊
die im folgenden genannten Programme herunterladen-> updaten-> laufen lassen-> Ergebnisse mir posten:
[/U]
- also gehe in den abgesicherten Modus von Windows Drücke beim Hochfahren des Rechners [F8] solange, bis Du eine Auswahlmöglichkeit hast) und versuche die hier empfohlenen Programme herunterladen
also wähle hier dann aus: - Abgesicherter Modus mit Netzwerktreibern

➋
Lade Dir das Programm herunter:-> Anleitung findest Du hier: Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)
- Updates ziehen
- das Programm Malwarebytes von dort ausführen-> Funde löschen-> Ergebnis posten

➌
schaue nach, od Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

➍
das Malwarebytes nochmal updaten-> einen Vollscan machen-> Ergebnis posten

► berichte erneut über den Zustand des Computers. starten u. Befehle ausführen im normalen Modus?

Hy Kira,

Also....

1. Abgesicherte Modis gehn durch die Bank durch nicht.

2. Malwarebytes hab ich installiert,halt im Live-System, jedoch hat er zwei mal wegen corrupted files gemeckert. Programm konnt ich aber dann trotzdem starten. Der Scan
war innerhalb einer sekunde fertig, und fand dann natürlich auch nichts.
Also ähnlich dem anderen Programm.
mmhh...da is echt was ganz hässliches im gange....

3. Normaler Modus geht auch nicht, macht auch wie bei den anderen Modis immer einen Neustart.

Vielleicht hats meine Registry irgendwie zerhaun, vielleicht muss man da erstmal drüber? Is ja seltsam dass ich immer nichts gescheit installieren kann.

So, whats next? Noch irgendwelche Tricks anzubieten?

Grüße, Marc

....

verwende bitte nochmal OTLPE:

erneut einen Scan mit OTLPE:

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

ok, hier das otl file:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 2/25/2012 2:00:43 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.76 Gb Total Space | 220.99 Gb Free Space | 60.25% Space Free | Partition Type: NTFS
Drive H: | 550.10 Gb Total Space | 25.06 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/08/19 08:27:22 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/08 05:31:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/29 02:12:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 00:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/18 04:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 16:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008/07/29 11:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/20 11:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 21:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/07/04 09:34:12 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/29 02:12:51 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 02:12:51 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/06/13 03:41:54 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/04/10 03:20:00 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2008/02/29 16:56:44 | 000,144,136 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV:64bit: - [2008/02/29 16:56:44 | 000,144,136 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV:64bit: - [2008/02/29 16:56:44 | 000,107,784 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus)
DRV:64bit: - [2008/02/29 16:56:44 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV:64bit: - [2007/04/13 02:50:28 | 000,120,584 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrsce.sys -- (zebrsce)
DRV:64bit: - [2007/04/13 02:50:22 | 000,080,776 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2008/08/19 08:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\marc_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.arcor.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/12 07:06:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 11:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\marc\AppData\Roaming\5052
 
[2011/06/25 14:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Extensions
[2011/11/07 16:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\pxj5avc2.default\extensions
[2011/11/08 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
File not found (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\5052
[2011/12/31 11:52:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/13 12:38:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/13 12:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/13 12:38:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/13 12:38:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/13 12:38:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/13 12:38:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\marc_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\marc_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\marc_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\marc_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel]  File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\marc_ON_C..\Run: [{3226766D-962F-B667-3D5F-9607B5FC1AF1}]  File not found
O4 - HKU\marc_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\marc_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/23 22:39:06 | 000,000,000 | ---D | C] -- C:\zozo
[2012/02/23 22:29:24 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/02/22 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Sammelordner pdfs mp3s
[2012/02/22 16:16:20 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/02/22 16:16:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 11:09:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/21 15:09:48 | 000,000,000 | ---D | C] -- C:\Temp
[2012/02/21 03:57:25 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/02/14 07:07:25 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\SFL
[2012/02/14 06:57:31 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Bassnectar-Divergent_Spectrum_Remixes-(RapGodFathers.info)
[2012/02/12 15:31:43 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/06 14:49:18 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Nasty Mane & Project Pat - Belly On Full
[2012/02/06 14:43:42 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Biohazard - Reborn In Defiance (2012)
[2012/02/03 05:14:54 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Kool Savas - Aura - (2011)
[2012/02/01 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Boota
[2012/02/01 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Agunbi
[2012/01/31 20:51:32 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Twista - The Perfect Storm
[2012/01/29 09:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/01/29 09:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/01/29 08:03:01 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Rage-SKIDROW
[2008/11/01 19:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\marc\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\marc\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\marc\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\marc\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/24 02:13:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 05:04:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 05:04:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 04:57:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/20 20:10:42 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/20 20:10:42 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/20 20:10:42 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/20 20:10:42 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/19 08:50:31 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/17 04:38:15 | 058,110,196 | ---- | M] () -- C:\Users\marc\Desktop\m20973-metalwarez.com.rar
[2012/02/17 02:58:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/11 08:41:17 | 000,001,456 | ---- | M] () -- C:\Users\marc\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012/02/08 07:00:07 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/31 09:56:45 | 000,001,728 | ---- | M] () -- C:\Users\marc\Desktop\FreeMind.lnk
[2012/01/31 09:56:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012/01/29 09:58:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/01/27 05:03:47 | 000,000,000 | ---- | M] () -- C:\Users\marc\AppData\Local\{BAC89A80-5A35-4641-8257-BC92F0A9DC21}
 
========== Files Created - No Company Name ==========
 
[2012/02/17 04:17:32 | 058,110,196 | ---- | C] () -- C:\Users\marc\Desktop\m20973-metalwarez.com.rar
[2012/02/08 07:00:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/31 09:56:45 | 000,001,728 | ---- | C] () -- C:\Users\marc\Desktop\FreeMind.lnk
[2012/01/27 05:03:47 | 000,000,000 | ---- | C] () -- C:\Users\marc\AppData\Local\{BAC89A80-5A35-4641-8257-BC92F0A9DC21}
[2011/12/09 05:17:20 | 000,000,000 | ---- | C] () -- C:\Users\marc\AppData\Local\{2CB89179-AAE7-45BA-BF86-DC2E86B4D3F8}
[2011/11/09 16:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 16:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/07 15:04:57 | 000,001,599 | ---- | C] () -- C:\Users\marc\AppData\Local\RecConfig.xml
[2011/11/06 17:56:20 | 000,000,072 | ---- | C] () -- C:\Users\marc\AppData\Roaming\blckdom.res
[2011/09/23 03:27:02 | 000,000,132 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/19 04:03:34 | 000,000,732 | ---- | C] () -- C:\Users\marc\AppData\Local\d3d9caps64.dat
[2011/09/13 02:35:11 | 000,000,132 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/05 12:51:41 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/08/04 03:35:55 | 000,000,337 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/03 17:57:57 | 000,000,058 | ---- | C] () -- C:\Users\marc\AppData\Roaming\you.bmp
[2011/07/06 06:04:01 | 000,001,456 | ---- | C] () -- C:\Users\marc\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/06/25 15:48:27 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2011/06/25 15:48:27 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2011/06/25 14:33:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/25 13:02:27 | 000,158,208 | ---- | C] () -- C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 12:49:24 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/06/25 12:49:24 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/06/25 12:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/01 11:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/11/01 11:24:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\marc\AppData\Local\lame_enc.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\marc\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\marc\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\marc\AppData\Local\no23xwrapper.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008/11/01 11:30:21 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Acer GameZone Console
[2012/02/08 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Agunbi
[2011/12/23 11:37:55 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\BitTorrent
[2012/02/08 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Boota
[2011/07/22 05:24:26 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/01 07:52:55 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/04 09:35:03 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DAEMON Tools Lite
[2011/09/14 09:14:50 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Dropbox
[2011/11/11 05:13:51 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\FileZilla
[2011/11/08 07:53:13 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\JavaEditor
[2011/08/04 05:08:33 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Leadertech
[2011/07/05 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\OpenOffice.org
[2011/10/08 04:43:40 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Origin
[2011/10/28 06:40:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Processing
[2011/07/05 06:44:08 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/14 17:01:42 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Tropico 4 Demo
[2008/11/01 11:30:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/07/04 09:33:43 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/01/10 15:27:23 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/10/08 04:41:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/11/01 11:41:20 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/11/01 11:31:01 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/10/08 04:43:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2011/11/01 12:48:07 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/04 05:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Seagate
[2012/01/10 17:26:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/07/04 01:51:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/25 12:39:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/02/17 02:58:44 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

--- --- ---


und hier das extra file:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 2/25/2012 2:00:43 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366.76 Gb Total Space | 220.99 Gb Free Space | 60.25% Space Free | Partition Type: NTFS
Drive H: | 550.10 Gb Total Space | 25.06 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4229F8C0-7366-4F58-8AA3-22EE1F191008}" = PC Suite for Sony Ericsson x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4229F8C0-7366-4F58-8AA3-22EE1F191008}" = PC Suite for Sony Ericsson x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSetDX" = Intel(R) Network Connections 13.1.33.0
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >
         

--- --- ---


gruesse

ich denke, es wäre besser, Du formatierst deine Festplatte und installierst dein Windows neu. Generell Anhand die Probleme scheinen komplex und tiefliegend zu sein. Hier findet gerade die "feindliche Übernahme" deines Computers statt - Angriffen durch Malware - und kritischen Systemänderungen, die ohne deine Genehmigung vorgenommen wurden. Es sind noch einige Möglichkeiten offen, aber man kann nicht auf ein günstiges Ergebnis hoffen. Da hilft wohl nur noch eine Radikalkur: Dir eine Menge Zeit und Ärger zu ersparen, nicht wochenlang herumbasteln, und dann festzustellen, dass es doch nicht geht, formatiere die Festplatte und installiere Windows XP neu!
Bei einer Neuinstallation gehen auf der Festplatte alle Daten verloren, also sichere vorher deine Daten auf Speichermedien wie externe Festplatten, USB-Sticks, DVDs oder andere Datenträger um diese nach der Neuinstallation wiederherstellen zu können

Ja ich denk auch das wird das gescheitste sein.

Ok, dann schwing ich mal den FormatC: Hammer.

Vielen Dank für die kompetenten Hilfen!

Falls es noch irgendetwas gibt melde ich mich nochmal, ansonsten dir ein herrliches Wochenende.

Tipps & Rat:

➊
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung

➋
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

➌
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Dir auch ein schönes Wochenende und alles Gute!
gruß
kira