12.06.2012, 19:38 | #1 |
Which Windows Update trojan problem?

Attempt with text input in OTLPE,

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%APPDATA%\*.dat /s
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Update\*.*
%APPDATA%\Microsoft\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%ALLUSERSPROFILE%\*.*
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%systemroot%\*. /mp /s
%systemroot%\*.exe /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.dll /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\*.exe /90
%systemroot%\system32\config\*.sav
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

OTL is =, OTL logfile:
OTL logfile created on: 6/12/2012 8:58:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free 459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (TrkWks) Überwachung verteilter Verknüpfungen (Client) SRV - File not found [Auto] -- -- (stisvc) Windows-Bilderfassung (WIA) SRV - File not found [Auto] -- -- (RpcSs) Remoteprozeduraufruf (RPC) SRV - File not found [Auto] -- -- (RemoteAccess) SRV - File not found 
[On_Demand] -- -- (Nla) NLA (Network Location Awareness) SRV - File not found [On_Demand] -- -- (napagent) NAP-Agent (Network Access Protection) SRV - File not found [On_Demand] -- -- (Dot3svc) Automatische Konfiguration (verkabelt) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot] -- -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV - File not found [Kernel | On_Demand] -- -- (Raspti) Parallelanschluss (direkt) DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN-Miniport (L2TP) DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN-Miniport (PPTP) DRV - File not found [Kernel | On_Demand] -- -- (aswRdr) DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\Jürgen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/02/13 10:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/06/12 14:45:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins O1 HOSTS File: ([2012/06/12 14:45:58 | 000,001,564 | RH-- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: 
B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - Unable to open key or key not present! O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: AudioSrv - File not found NetSvcs: Browser - File not found NetSvcs: CryptSvc - File not found NetSvcs: DMServer - File not found NetSvcs: DHCP - File not found NetSvcs: ERSvc - File not found NetSvcs: EventSystem - File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: LanmanWorkstation - File not found NetSvcs: Messenger - File not found NetSvcs: Netman - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Rasauto - File not found NetSvcs: Rasman - C:\WINDOWS\System32\rasman.dll (Microsoft Corporation) NetSvcs: Remoteaccess - File not found NetSvcs: Schedule - File not found NetSvcs: Seclogon - File not found NetSvcs: SENS - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: Tapisrv - File not found NetSvcs: Themes - File not found NetSvcs: TrkWks - File not found NetSvcs: W32Time - File not found NetSvcs: WZCSVC - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation) NetSvcs: wscsvc - File not found NetSvcs: xmlprov - File not found NetSvcs: napagent - File not found NetSvcs: hkmsvc - File not found NetSvcs: BITS - File not found NetSvcs: wuauserv - File not found NetSvcs: ShellHWDetection - File not found 
NetSvcs: helpsvc - File not found NetSvcs: WmdmPmSN - File not found MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - File not found MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: EPSON Stylus CX3600 Series - hkey= - key= - File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Programme\NVIDIA Corporation\nView\nwiz.exe () MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - 
C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012/06/12 14:46:09 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/06/12 14:45:48 | 000,000,000 | ---D | C] -- C:\_OTL ========== Files - Modified Within 30 Days ========== ========== Files Created - No Company Name ========== ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: LSASS.EXE > [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\dllcache\lsass.exe [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=AFB8261B56CBA0D86AEB6DF682AF9785 -- C:\WINDOWS\system32\lsass.exe < MD5 for: SVCHOST.EXE > [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- 
C:\WINDOWS\system32\svchost.exe < MD5 for: USERINIT.EXE > [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*.exe Invalid Environment Variable: %APPDATA%\*.dat Invalid Environment Variable: %APPDATA%\Adobe\Update\*.* Invalid Environment Variable: %APPDATA%\Update\*.* Invalid Environment Variable: %APPDATA%\Microsoft\*.* Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.* Invalid Environment Variable: %ALLUSERSPROFILE%\*.* < %SYSTEMDRIVE%\*.* > [2012/06/12 20:47:31 | 000,072,906 | ---- | M] () -- C:\1OTL.txt [2012/03/14 03:14:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008/04/14 08:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2011/06/04 10:36:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/06/12 20:46:21 | 000,031,460 | ---- | M] () -- C:\Extras.Txt [2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/06/04 10:36:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 08:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr [2012/06/12 20:46:13 | 000,072,906 | ---- | M] () -- C:\OTL.Txt [2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe [2012/06/12 06:32:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys < %PROGRAMFILES%\*.* > < %PROGRAMFILES%\Internet 
Explorer\*.* > [2009/03/07 22:35:04 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ExtExport.exe [2009/03/07 22:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\hmmapi.dll [2009/01/11 15:05:26 | 000,002,649 | ---- | M] () -- C:\Programme\Internet Explorer\ie8props.propdesc [2011/08/16 06:45:39 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iecompat.dll [2012/03/01 07:00:07 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedvtool.dll [2008/04/14 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iedw.exe [2012/03/01 07:00:08 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll [2009/03/08 08:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe [2009/03/08 08:28:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe.mui [2009/03/07 22:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdbgui.dll [2009/03/07 22:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsdebuggeride.dll [2009/03/07 22:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\JSProfilerCore.dll [2009/03/07 22:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\jsprofilerui.dll [2009/01/07 12:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\pdm.dll [2009/01/07 12:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\sqmapi.dll [2012/03/01 07:00:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\xpshims.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local 
Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < %systemroot%\*. /mp /s > < %systemroot%\*.exe /90 > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 08:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\activeds.dll [2008/04/14 08:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\actxprxy.dll [2008/04/14 08:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\adsldpc.dll [2011/02/17 09:51:44 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll [2008/04/14 08:00:00 | 000,102,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll [2008/04/14 08:00:00 | 000,334,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll [2008/04/14 08:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\davclnt.dll [2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drprov.dll [2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 08:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netrap.dll [2008/04/14 08:00:00 | 000,081,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\WINDOWS\system32\netui0.dll [2008/04/14 08:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui1.dll [2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2008/04/14 08:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntlanman.dll [2008/04/14 08:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\samlib.dll [2009/06/25 04:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\secur32.dll [2011/02/17 09:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll [2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [2008/04/14 08:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shgina.dll [2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\twext.dll < %systemroot%\system32\*.dll /90 > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\*.exe /90 > [2012/04/10 10:02:50 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe [2012/04/11 09:51:20 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntkrnlpa.exe [2012/04/11 09:51:17 | 002,194,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntoskrnl.exe < %systemroot%\system32\config\*.sav > [2011/06/04 12:17:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2011/06/04 12:17:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2011/06/04 12:17:34 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < 
%systemroot%\system32\spool\prtprocs\w32x86\*.* > [2007/05/01 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD92.DLL [2007/05/01 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP92.DLL [2007/10/20 13:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll [2007/04/09 07:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > [2012/04/24 15:07:28 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=DF0350DBF3349741AD146C4B3CB2FED0 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2012/04/24 15:07:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=8A600D0A6AE19EC70D3FB4421F20F5BE -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2012/04/24 15:07:43 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2012/04/24 15:07:43 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2012/04/24 15:07:44 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2012/04/24 15:07:43 | 004,308,992 | ---- | M] (Microsoft Corporation) MD5=4CDAE87053C9C93B0628FE45238EFDE3 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2012/04/24 15:07:44 | 000,059,342 | ---- | M] () MD5=C45791A2457AE198E6595759902BD2B1 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2012/04/24 15:07:44 | 000,042,918 | ---- | M] () MD5=ECB67857370C90165FF59636864848C3 -- 
C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2012/04/24 15:07:44 | 000,036,644 | ---- | M] () MD5=63437E7BC4F6A866C36C8E1E33E939DD -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2012/04/24 15:07:44 | 000,063,176 | ---- | M] () MD5=62258D3B4B7E492180941F37684584CE -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2012/04/24 15:07:44 | 000,057,150 | ---- | M] () MD5=E1088DB2D56A1C473E58D4E27C03B611 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2012/04/24 15:07:44 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2012/04/24 15:07:43 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2012/04/24 15:07:43 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2012/04/24 15:07:44 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2012/04/24 15:07:45 | 000,482,304 | ---- | M] (Microsoft Corporation) MD5=335A9C6EF222CBDA0D410092C2E2CBEF -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2012/04/24 15:07:38 | 002,878,976 | ---- | M] (Microsoft Corporation) MD5=3047657FFCC2A6D4947113487CAF84FF -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2012/04/24 15:07:20 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=A78ECBA0C7DEFF0AFF8AE6FFA57C2A0A -- 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2012/04/24 15:07:20 | 000,114,176 | ---- | M] (Microsoft Corporation) MD5=396B76EC2329B07E08D79E7938B482F2 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2012/04/24 15:07:51 | 000,260,096 | ---- | M] (Microsoft Corporation) MD5=ED62E84B4E023F319FAE8AD8FE4CBDD9 -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2012/04/24 15:07:33 | 005,025,792 | ---- | M] (Microsoft Corporation) MD5=0485EE61C40B876E349A34D3B179F669 -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < %systemroot%\assembly\GAC_64\*.* /S /MD5 > < CREATERESTOREPOINT > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-17 16:18:14 < End of report >

Extra is =, OTL logfile:
OTL Extras logfile created on: 6/12/2012 8:58:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free 459.00 Mb Paging File | 284.00 Mb Available in Paging File | 62.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29.30 Gb Total Space | 18.12 Gb Free Space | 61.83% Space Free | Partition Type: NTFS Drive D: | 1000.00 Gb Total Space | 417.93 Gb Free Space | 41.79% Space Free | Partition Type: NTFS Drive E: | 100.00 Gb Total Space | 99.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 103.58 Gb Total Space | 103.51 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive G: | 63.01 Gb Total Space | 53.85 Gb Free Space | 85.46% Space Free | Partition Type: NTFS Drive H: | 800.00 Gb Total Space | 249.26 Gb Free Space | 31.16% Space Free | Partition Type: NTFS Drive J: | 7.46 Gb Total Space | 2.57 Gb Free Space | 34.44% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* 
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CA72668-86CC-5447-9278-A0378FE45378}" = Media Add-ons für Acronis True Image Home 2010
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E4C57F9E-8673-40D3-B41A-BC7F445122DE}" = StarMoney 8.0 S-Edition
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"abgx360" = abgx360 v1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast!" = avast! Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"FormatFactory" = FormatFactory 2.60
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Shop for HP Supplies" = Shop for HP Supplies
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"XnView_is1" = XnView 1.98

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Jürgen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

< End of report >
--- --- ---

I hope that more can be done with this, for better help. PS: Please delete my other thread, as it is too confusing. Many thanks! Edited by ssabines (12.06.2012 at 19:43) |
14.06.2012, 14:13 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Which Windows Update Trojan problem? Does safe mode with networking still work? With an Internet connection?
Safe mode for cleanup
__________________ |
22.06.2012, 13:10 | #3 |
| Which Windows Update Trojan problem? No, I could no longer boot in any mode. I have now restored an old backup and have just noticed that my film files have all been renamed or encrypted.
How can I fix this? PS: I have just read in another thread that there is no real help for this yet, but I will first try the tips mentioned there, e.g. (other extensions, .avi). I am grateful for any help. Edited by cosinus (22.06.2012 at 13:32) Reason: full quote removed |
22.06.2012, 13:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Which Windows Update Trojan problem? Please stop these pointless full quotes!
Notes regarding the encrypted files: Nobody will be able to tell you exactly when your data can be decrypted, except perhaps one. It may be that you have a newer variant whose encryption algorithm is still unknown. Something like that cannot be decrypted (yet), and certainly not without the key. That is only logical, otherwise it would not be proper encryption.
Just check back here at regular intervals and follow the notes above. 8 tools along with hundreds of discussion posts are already there.
A stopgap for Vista and Win7 users => http://www.trojaner-board.de/115496-...erstellen.html
Decryption attempts must only be applied to additional copies of the encrypted files; otherwise you mangle them even further without still having the "original" encrypted file. You certainly don't want that!
But one should not get false hopes. By now things look grim => Delphi-PRAXiS - View single post - Encryption Trojan, help needed
And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
__________________ Please always post logfiles in CODE tags |