Log analysis and evaluation: Urgent OTL evaluation needed
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.06.2012, 12:08 | #1 |
Urgent OTL evaluation needed

Hello, I caught the following virus this morning: "Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt..." (Your computer has been locked by the automatic information control system...). I already have an OTL file and need an evaluation, or rather the evaluation for the CUSTOM SCANS/FIXES.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 6/14/2012 1:23:13 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): c:\pagefile.sys 0 0e:\pagefile.sys 1024 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 8.47 Gb Free Space | 11.37% Space Free | Partition Type: NTFS Drive D: | 73.06 Gb Total Space | 58.72 Gb Free Space | 80.37% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/06/09 19:08:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/11 03:56:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 09:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/11/20 05:36:17 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008/11/20 05:36:17 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2007/08/13 06:25:54 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/07/26 10:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007/04/02 09:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2007/02/05 12:13:14 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006/11/14 14:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 13:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (USBCamera) Icatch(IV) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/04/04 09:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/09/30 07:11:41 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/04/29 06:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2011/04/29 06:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2009/05/27 16:48:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/05/27 16:47:52 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009/05/27 16:47:43 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008/04/18 09:01:08 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007/07/30 05:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- 
C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/26 10:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007/07/13 10:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007/06/18 13:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/01/25 19:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007/01/25 19:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/01/18 10:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N) DRV - [2007/01/18 10:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I) DRV - [2006/12/14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/10 10:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006/10/18 06:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006/09/05 14:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A827A78C55D55F810EC3DD4FD9A96684&tbp=homepage IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Alex_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\Alex_ON_C\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. 
File not found IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=26fdec5d-f9bd-11e0-b622-001d60f1b6ec&q=" FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.selectedEngine: "Blekko" FF - prefs.js..browser.search.order.1: "Blekko" FF - prefs.js..keyword.URL: "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A827A78C55D55F810EC3DD4FD9A96684&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/27 09:01:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files\Steganos Password Manager 12\spmplugin3 [2011/10/24 11:23:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/14 05:06:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 17:36:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/14 05:06:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 17:36:39 | 000,000,000 | ---D | M] [2011/09/09 14:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions [2012/06/14 05:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6l5ge16d.default\extensions [2012/06/14 05:06:08 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6l5ge16d.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61} [2012/06/14 05:05:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6l5ge16d.default\extensions\plugin@yontoo.com [2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6l5ge16d.default\searchplugins\startsear.xml [2011/09/09 14:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not 
found (No name found) -- [2012/06/09 19:08:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012/02/23 10:20:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/23 10:20:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/23 10:20:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/23 10:20:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/14 05:06:07 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml [2012/02/23 10:20:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/23 10:20:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll () O2 - BHO: (TBSB05590 Class) - {A3FC7223-752E-495B-9951-CE360FA1180C} - C:\Users\Alex\AppData\Roaming\AD ON Multimedia\Amazon Toolbar\amazon.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll () O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos GmbH) O3 - HKLM\..\Toolbar: (Amazon Toolbar) - {BEBD573C-8315-43A8-9EA0-7028D471CC81} - C:\Users\Alex\AppData\Roaming\AD ON Multimedia\Amazon Toolbar\amazon.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (Amazon Toolbar) - {BEBD573C-8315-43A8-9EA0-7028D471CC81} - C:\Users\Alex\AppData\Roaming\AD ON Multimedia\Amazon Toolbar\amazon.dll () O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. 
(Powered by Panda Security)) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\Alex_ON_C..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.) 
O4 - HKU\Alex_ON_C..\Run: [otxuz.exe] File not found O4 - HKU\Alex_ON_C..\Run: [pseuyzwjydltsfa] C:\ProgramData\pseuyzwj.exe () O4 - HKU\Alex_ON_C..\Run: [TOSCDSPD] File not found O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html () O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos GmbH) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{5ee3d444-fe52-11e0-a605-001d60f1b6ec}\Shell\AutoRun\command - "" = G:\CD_Start.exe O33 - MountPoints2\{d50fd84c-0bc1-11dd-a1fa-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{d50fd84c-0bc1-11dd-a1fa-00038a000015}\Shell\AutoRun\command - "" = D:\pushinst.exe O33 - MountPoints2\{d84a8e15-913f-11dc-b5b0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d84a8e15-913f-11dc-b5b0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{df7be0d2-e490-11dc-8d3b-00038a000015}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{df7be0d2-e490-11dc-8d3b-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== 
Files/Folders - Created Within 30 Days ========== [2012/06/14 06:00:36 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Alex\Desktop\OTLPENet.exe [2012/06/14 05:22:48 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTH.scr [2012/06/14 05:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/06/14 05:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies [2012/06/14 05:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012/06/14 05:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012/06/14 05:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_031 [2012/06/14 05:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/06/14 05:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\blekkotb_031 [2012/06/14 05:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor [2012/06/14 04:01:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2012/06/14 04:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/14 04:01:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/14 04:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/14 04:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/14 03:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\azwcihfotueacga [2012/05/26 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Hochzeit giusy+dome [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/14 06:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/14 06:09:45 | 000,650,364 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/06/14 06:09:45 | 000,617,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2012/06/14 06:09:45 | 000,120,530 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/06/14 06:09:45 | 000,107,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/14 06:09:09 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI [2012/06/14 06:00:53 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Alex\Desktop\OTLPENet.exe [2012/06/14 05:34:39 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012/06/14 05:31:05 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/14 05:30:54 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/14 05:30:54 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/14 05:23:04 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTH.scr [2012/06/14 05:05:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012/06/14 05:01:44 | 000,006,648 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat [2012/06/14 04:10:33 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CCFFF676-8955-4553-85FA-573C1F87CF92}.job [2012/06/14 04:01:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/14 04:01:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/14 03:56:17 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012/06/14 03:56:17 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012/06/14 03:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/14 03:29:15 | 000,000,052 | ---- | M] () -- C:\ProgramData\gpanjhyffiqfoqo [2012/06/14 03:28:12 | 000,053,248 | ---- | M] () -- C:\ProgramData\pseuyzwj.exe [2012/06/14 
03:28:12 | 000,053,248 | ---- | M] () -- C:\ProgramData\lujaubkt.exe [2012/06/14 03:28:12 | 000,053,248 | ---- | M] () -- C:\ProgramData\dtakdtpg.exe [2012/06/13 16:19:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3913396371-1708683384-1320772167-1000UA.job [2012/06/13 15:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/13 01:59:58 | 000,002,305 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/06/12 17:19:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3913396371-1708683384-1320772167-1000Core.job [2012/06/12 14:51:23 | 000,002,042 | ---- | M] () -- C:\Users\Alex\Desktop\Google Chrome.lnk [2012/06/12 14:51:23 | 000,002,004 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/14 06:09:09 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2012/06/14 05:34:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012/06/14 04:01:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/14 03:29:15 | 000,053,248 | ---- | C] () -- C:\ProgramData\pseuyzwj.exe [2012/06/14 03:29:15 | 000,053,248 | ---- | C] () -- C:\ProgramData\dtakdtpg.exe [2012/06/14 03:28:14 | 000,053,248 | ---- | C] () -- C:\ProgramData\lujaubkt.exe [2012/06/14 03:28:14 | 000,000,052 | ---- | C] () -- C:\ProgramData\gpanjhyffiqfoqo [2012/02/25 10:30:26 | 000,006,648 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat [2011/06/13 15:39:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/06/13 15:39:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/06/01 14:33:11 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2008/12/28 
19:00:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008/06/14 09:07:40 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2008/06/14 07:50:52 | 000,000,009 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\mdb.bin [2008/05/29 14:43:21 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat [2008/04/16 13:26:08 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2008/01/02 11:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/01/02 11:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008/01/02 11:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008/01/02 11:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007/11/26 13:56:14 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007/11/13 13:50:00 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007/11/13 12:55:14 | 000,000,016 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\mxfilerelatedcache.mxc2 [2007/11/13 12:55:14 | 000,000,016 | -H-- | C] () -- C:\Users\Alex\AppData\mxfilerelatedcache.mxc2 [2007/11/13 12:55:14 | 000,000,016 | -H-- | C] () -- C:\Users\Alex\AppData\Local\mxfilerelatedcache.mxc2 [2007/11/12 17:44:01 | 000,104,448 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/13 08:20:38 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007/08/13 07:52:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007/08/13 07:52:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007/08/13 07:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007/08/13 07:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007/08/13 07:52:05 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007/08/13 07:52:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007/08/13 
07:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007/08/13 07:30:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007/08/13 07:30:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007/08/13 07:30:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007/08/13 07:30:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007/08/13 06:06:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/08/13 06:06:09 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/08/13 06:06:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2006/11/02 11:33:31 | 000,650,364 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 11:33:31 | 000,120,530 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,321,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,617,860 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,107,004 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- 
C:\Windows\System32\mlang.dat [2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2007/11/16 12:45:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AD ON Multimedia [2011/09/30 07:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite [2007/11/13 15:48:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ Toolbar [2012/04/30 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ihqe [2012/04/28 06:06:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ipizas [2011/10/24 11:25:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steganos [2008/05/29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\T-Online [2008/04/16 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Toshiba [2008/03/21 09:56:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ulead Systems [2009/01/13 17:48:19 | 000,000,000 | ---D | M] -- C:\ProgramData\ALDI_Sued_Fotoservice [2012/06/14 05:05:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Anti-phishing Domain Advisor [2007/11/12 14:05:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/06/14 03:28:17 | 000,000,000 | ---D | M] -- C:\ProgramData\azwcihfotueacga [2012/06/14 05:06:09 | 000,000,000 | ---D | M] -- C:\ProgramData\blekko toolbars [2011/09/30 07:10:59 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2007/11/12 14:05:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2007/11/12 14:05:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 09:02:03 | 
000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/07/14 15:15:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2008/12/28 19:02:02 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2007/11/12 14:05:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2008/05/29 14:39:00 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online [2012/06/14 05:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/12/15 17:13:27 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2007/08/13 08:03:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2007/11/12 14:10:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2007/08/13 07:51:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2007/11/26 13:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint [2007/11/12 14:05:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/05/17 16:47:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows [2011/03/23 09:47:50 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/06/14 05:34:39 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012/06/14 05:33:13 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/14 04:10:33 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CCFFF676-8955-4553-85FA-573C1F87CF92}.job ========== Purity Check ========== < End of report >
I need my laptop working again quickly, because my girlfriend is currently working on a presentation for a wedding on Saturday. I'm under a lot of pressure.
Many thanks in advance.
Here is the Extras.txt as well.
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 6/14/2012 1:23:13 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): c:\pagefile.sys 0 0e:\pagefile.sys 1024 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 8.47 Gb Free Space | 11.37% Space Free | Partition Type: NTFS Drive D: | 73.06 Gb Total Space | 58.72 Gb Free Space | 80.37% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "C:\Program Files\dm\dm-Fotowelt\Foto Paradies.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 
"FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey 
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{5023B3E9-6B73-471E-8BD9-DA4442AE357C}" = ArcSoft Print Creations - Quick Photo Book "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 "{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft 
Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A0602176-4BDA-40FA-808D-EF0AAAF0A183}" = ArcSoft Print Creations "{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{C009A918-0C06-45B3-AEF6-B1057307A643}" = Steganos Password Manager 12 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E5BA962C-631A-464B-AA8C-B1CED01D2E93}" = ArcSoft 
Panorama Maker 4 "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AOL Toolbar 4.0" = "Audiograbber" = Audiograbber 1.83 SE "blekkotb_031" = blekko search bar "Corel Applications" = Corel Applications "Creative Media Lite" = Creative Media Lite "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "dm-Fotowelt" = dm-Fotowelt "EF Englishtown Advanced Speech Recognition_is1" = EF Englishtown Advanced Speech Recognition Version 4.3.0.0 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Foto Paradies" = Foto Paradies "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "maxdome - Online Videothek" = maxdome - Online Videothek "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET 
Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "myphotobook" = myphotobook 3.1 "OpenTTD" = OpenTTD 1.1.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TBSB05590.TBSB05590Toolbar" = Amazon Toolbar "TOSHIBA Software Modem" = TOSHIBA Software Modem "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.1 "vShare.tv plugin" = vShare.tv plugin 1.3 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR 4.01 Beta 1 (32-Bit) "ZENStoneUG" = Creative ZEN Stone-Benutzerhandbuch ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome < End of report > --- --- --- |
15.06.2012, 09:01 | #2 |
/// Helper team | Urgent OTL analysis needed
Hello and welcome!
Do not keep working with this computer, as Vista is totally outdated: Quote:
Quote:
1. Quote:
Code:
:OTL
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A827A78C55D55F810EC3DD4FD9A96684&tbp=homepage
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Alex_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Alex_ON_C\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=26fdec5d-f9bd-11e0-b622-001d60f1b6ec&q="
[2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6l5ge16d.default\searchplugins\startsear.xml
O4 - HKU\Alex_ON_C..\Run: [otxuz.exe] File not found
O4 - HKU\Alex_ON_C..\Run: [pseuyzwjydltsfa] C:\ProgramData\pseuyzwj.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ee3d444-fe52-11e0-a605-001d60f1b6ec}\Shell\AutoRun\command - "" = G:\CD_Start.exe
O33 - MountPoints2\{d50fd84c-0bc1-11dd-a1fa-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d50fd84c-0bc1-11dd-a1fa-00038a000015}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{d84a8e15-913f-11dc-b5b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d84a8e15-913f-11dc-b5b0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{df7be0d2-e490-11dc-8d3b-00038a000015}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{df7be0d2-e490-11dc-8d3b-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\CD_Start.exe

:Files
C:\ProgramData\pseuyzwj.exe
C:\ProgramData\dtakdtpg.exe
C:\ProgramData\lujaubkt.exe
C:\ProgramData\gpanjhyffiqfoqo
C:\ProgramData\azwcihfotueacga
ipconfig /flushdns /c

:Commands
2. Reboot and check whether you can already work in normal mode. If so, continue as follows:
3. Check your own files (such as documents, music, pictures, etc.) to see whether the Trojan may have encrypted them. Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards, kira