22.06.2012, 13:17 | #1 |
Desktop black and all programs in the Start menu gone

Hi folks, my mom has caught something, on her PC that is.

Description: Windows 7 starts normally, but the desktop background is black and there are no icons or programs left on the desktop or in the Start menu. When I open Explorer by a roundabout route, I can't see any data on the hard drive either, so nothing is visible. Through the Start menu's "Search programs and files" I can only open internal Windows programs (such as Control Panel or Network and Sharing Center). In Safe Mode it is exactly the same!

I need help, I can't manage this on my own.

Thanks, Jürge

Hi folks, in the meantime I have combed through the board and found that in my case you probably need an OTLPE boot CD. So I have already prepared that... only I can't boot the PC with it. I get:

File SETUPREG.HIV could not be loaded. The error code is 32768 Setup cannot continue. Press any key to exit.

Is that down to me, the CD or the PC? Thanks

Soooo... I managed to get the scan with OTLPE done, but unfortunately it only gives me the OTL.txt; I can't find the Extras.txt anywhere. That's why I ran the scan twice:

Attempt 1 OTL Logfile:
Attempt 2 OTL Logfile:
Menu\Programs\Accessories [2012/06/21 08:18:32 | 000,344,824 | -HS- | M] () -- C:\ProgramData\kGACsYrmPjUu.exe [2012/06/15 02:38:44 | 000,308,704 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/14 10:36:53 | 000,653,928 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2012/06/14 10:36:53 | 000,615,810 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/14 10:36:53 | 000,129,800 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2012/06/14 10:36:53 | 000,106,190 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/12 02:53:37 | 000,001,322 | -H-- | M] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe ========== Files Created - No Company Name ========== [2012/06/22 07:10:44 | 000,000,679 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/06/22 02:32:17 | 000,000,655 | -H-- | C] () -- C:\Users\Jutta\Desktop\Data_Recovery.lnk [2012/06/22 02:31:29 | 000,344,824 | -HS- | C] () -- C:\ProgramData\wPRiPBfrACTWLNJ.exe [2012/06/22 02:29:05 | 000,304,640 | -H-- | C] () -- C:\Users\Jutta\AppData\Local\iibyk.exe [2012/06/21 09:59:32 | 000,000,112 | -H-- | C] () -- 
C:\ProgramData\-vmZl7rkRJhEoV2r [2012/06/21 09:59:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-vmZl7rkRJhEoV2 [2012/06/21 09:59:26 | 000,000,256 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2 [2012/06/21 09:59:15 | 000,253,688 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2.exe [2012/06/21 09:52:07 | 127,576,501 | -H-- | C] () -- C:\Windows\MEMORY.DMP [2012/06/21 08:20:56 | 000,344,824 | -HS- | C] () -- C:\ProgramData\kGACsYrmPjUu.exe [2012/06/12 02:53:37 | 000,001,322 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009/07/14 04:47:43 | 000,653,928 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,129,800 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,308,704 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,615,810 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,190 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008/06/11 03:59:46 | 000,070,904 | -H-- | C] () -- C:\Windows\System32\ListLabel13JNI.dll [2006/07/18 08:51:16 | 005,304,320 | -H-- | C] () -- C:\Windows\System32\digiSealApi.dll [2000/05/26 05:28:00 | 000,016,183 | -H-- | C] () -- C:\Windows\System32\SELF32.INI ========== LOP Check ========== [2012/05/02 14:12:16 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\Dvyitgtks [2012/05/07 09:50:30 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\TeamViewer [2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/06/21 05:31:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Local Settings [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/01/10 03:38:53 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Ich hoffe das es schon mal was bringt... |
24.06.2012, 19:04 | #2 |
| Hello everyone, my problem has resolved itself. I formatted all the disks, since the PC has to be running again tomorrow. Since the PC really only has a business program on it as a client, I'll reinstall that this evening. I think that with Format C: all the malware has been wiped out as well, right? Thank you all the same, since this was certainly not my last time here. The forum is very informative, keep it up. |
26.08.2012, 02:05 | #3 | |
/// Helper Team | Quote: |
07.10.2012, 00:29 | #4 |
/// Helper Team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |