Log analysis and evaluation: Otlpe
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.03.2012, 21:36 | #1 |
Otlpe

Hello. I really urgently need help. I read through everything you have written about OTLPE and tried to use the Fix.txt from the other threads, but somehow it didn't work... Here is my scan:

OTL logfile created on: 3/2/2012 9:32:01 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144.04 Gb Total Space | 30.65 Gb Free Space | 21.28% Space Free | Partition Type: NTFS Drive D: | 144.04 Gb Total Space | 136.83 Gb Free Space | 94.99% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/12/14 06:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/12/14 06:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011/06/30 06:28:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/08 11:23:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir 
Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/02/28 11:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2008/04/15 10:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008/03/21 06:22:52 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008/03/04 16:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/16 11:35:02 | 000,081,504 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007/12/06 09:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (hwusbdev) DRV - File not found [Kernel | On_Demand] -- -- (EagleNT) DRV - [2011/11/24 09:34:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/06/30 06:28:09 | 000,138,192 | ---- | M] 
(Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/30 06:28:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/05/10 01:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009/05/11 02:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/05/09 05:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008/04/20 22:14:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/04/20 22:14:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/04/20 22:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008/04/14 21:20:48 | 000,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310) DRV - [2008/04/14 21:20:38 | 000,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap) DRV - [2008/03/21 03:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008/02/29 02:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/01/16 11:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007/12/16 10:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2001/05/07 05:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0908&m=aspire_7730g IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0908&m=aspire_7730g IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig?hl=de IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Red_Star_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\Red_Star_ON_C\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) IE - HKU\Red_Star_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Red_Star_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/05 10:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 10:22:52 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010/04/10 12:44:40 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKU\Red_Star_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKU\Red_Star_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\Red_Star_ON_C\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Red_Star_ON_C..\Run: [12022411] File not found O4 - HKU\Red_Star_ON_C..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\Red_Star_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKU\Red_Star_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.) O4 - HKU\Red_Star_ON_C..\RunOnce: [Shockwave Updater] File not found O4 - Startup: Error locating startup folders. O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Red_Star_ON_C Winlogon: Shell - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.) O20 - HKU\Red_Star_ON_C Winlogon: UserInit - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/02 20:56:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/03/02 20:56:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/29 11:20:39 | 000,305,152 | ---- | C] (Cutting Edge Software Inc.) -- C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe [2012/02/08 08:28:21 | 000,000,000 | ---D | C] -- C:\Users\Red Star\AppData\Roaming\.minecraft [2012/02/07 13:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2008/07/22 03:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2012/03/02 15:10:34 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012/03/02 15:09:08 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012/03/02 15:06:33 | 000,042,844 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/03/02 15:06:33 | 000,042,844 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/03/02 15:06:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/02 15:06:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012/03/02 15:06:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/02 15:06:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/29 11:56:27 | 000,628,742 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012/02/29 11:56:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/02/29 11:56:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/02/29 11:56:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/02/29 11:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/29 11:20:38 | 000,305,152 | ---- | M] (Cutting Edge Software Inc.) -- C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe [2012/02/20 16:08:19 | 000,002,637 | ---- | M] () -- C:\Users\Red Star\Desktop\Microsoft Office Word 2003.lnk [2012/02/20 14:48:31 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Red Star.job [2012/02/19 06:17:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/02/19 06:09:06 | 000,000,680 | ---- | M] () -- C:\Users\Red Star\AppData\Local\d3d9caps.dat [2012/02/11 13:05:43 | 001,274,964 | ---- | M] () -- C:\Users\Red Star\Desktop\mcpatcher-2.3.2_01.exe [2012/02/10 10:47:01 | 000,047,993 | ---- | M] () -- C:\Users\Red Star\Desktop\TooManyItems2012_01_12.zip [2012/02/07 16:17:39 | 000,270,142 | ---- | M] () -- C:\Users\Red Star\Desktop\Minecraft1.1.exe [2012/02/06 07:47:43 | 000,089,249 | ---- | M] () -- C:\Users\Red Star\Desktop\ModLoader.zip [2012/02/06 07:41:31 | 000,059,122 | ---- | M] () -- C:\Users\Red Star\Desktop\mod_thx_helicopter_m1.1_v015-bin.zip ========== Files Created - No Company Name ========== [2012/02/19 06:09:06 | 000,000,680 | ---- | C] () -- C:\Users\Red Star\AppData\Local\d3d9caps.dat [2012/02/11 13:05:42 | 001,274,964 | ---- | C] () -- C:\Users\Red Star\Desktop\mcpatcher-2.3.2_01.exe [2012/02/10 10:47:00 | 000,047,993 | ---- | C] () -- C:\Users\Red Star\Desktop\TooManyItems2012_01_12.zip [2012/02/07 16:17:37 | 000,270,142 | ---- | C] () -- C:\Users\Red Star\Desktop\Minecraft1.1.exe [2012/02/06 08:27:26 | 000,089,249 | ---- | C] () -- C:\Users\Red 
Star\Desktop\ModLoader.zip [2012/02/06 07:41:30 | 000,059,122 | ---- | C] () -- C:\Users\Red Star\Desktop\mod_thx_helicopter_m1.1_v015-bin.zip [2011/07/04 07:16:33 | 000,107,976 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011/05/10 13:53:43 | 000,031,007 | ---- | C] () -- C:\Users\Red Star\AppData\Roaming\UserTile.png [2011/02/05 10:42:15 | 000,233,516 | ---- | C] () -- C:\Windows\hpoins47.dat [2010/10/09 10:58:04 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/03/31 18:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat [2009/03/23 12:41:59 | 000,004,096 | -H-- | C] () -- C:\Users\Red Star\AppData\Local\keyfile3.drm [2008/12/06 15:45:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008/11/10 11:09:57 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008/11/10 11:09:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/11/08 11:48:41 | 000,026,624 | ---- | C] () -- C:\Users\Red Star\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/11/03 13:17:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2008/09/13 04:02:34 | 000,042,844 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/09/13 04:02:22 | 000,042,844 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/09/13 03:28:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008/09/13 03:28:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008/09/13 03:28:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008/04/18 13:25:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/04/18 04:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/04/18 04:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/04/18 03:56:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008/04/18 03:52:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/04/18 03:42:52 | 000,001,694 | 
---- | C] () -- C:\Windows\RtDefLvl.ini [2008/04/18 03:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008/04/18 03:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008/04/18 03:42:52 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,349,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- 
C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011/12/06 15:08:16 | 000,000,000 | -HSD | M] -- C:\Users\Red Star\AppData\Roaming\.# [2012/02/19 13:14:24 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\.minecraft [2008/04/18 04:11:32 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Acer GameZone Console [2011/06/14 06:33:50 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Babylon [2008/11/04 08:34:19 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Big Fish Games [2010/09/10 13:45:47 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/08/25 14:26:04 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\DVDVideoSoft [2011/08/25 14:18:17 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\DVDVideoSoftIEHelpers [2008/12/14 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\eSobi [2010/01/26 15:35:11 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\FloodLightGames [2011/06/08 06:25:31 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Program Files [2009/11/28 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\SPORE [2011/12/14 12:36:02 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\TuneUp Software [2011/12/16 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Uniblue [2010/04/27 15:07:25 | 000,000,000 | ---D | M] -- C:\ProgramData\12022411 [2008/04/18 04:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console [2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2008/11/07 10:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab [2012/02/29 11:28:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon 
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/08/10 09:23:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/04/18 04:43:25 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/04/18 04:00:31 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/12/18 10:02:43 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2008/11/03 13:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2008/11/03 12:47:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2011/12/16 12:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2008/11/03 13:41:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/12/18 08:59:58 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011/12/14 12:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2011/01/16 14:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/22 08:43:39 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2011/12/14 12:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/02/07 13:59:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/18 04:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/12/14 12:34:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/06/28 11:34:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/02 15:09:08 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/02/26 06:36:24 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

Can someone help me? Thanks in advance!
03.03.2012, 15:07 | #2 |
/// Malware-holic | Otlpe hi
On your second PC, go to Start, Programs, Accessories, Notepad and paste the following:

Code:
:OTL
O4 - HKU\Red_Star_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Red_Star_ON_C Winlogon: Shell - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Red_Star_ON_C Winlogon: UserInit - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
:Files
C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.

• Now please click the Fix button.

A message similar to "load fix from file" should now appear, so load the fix.txt from your USB stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.

Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the + E key.