weisser bildschirm WIN7 ohne Taskmanager

gunnar73 · 31.07.2012, 08:03

Hallo,

ich habe auf meinem rechner während dem surfen einen absturz mit nem weissen bildschirm. auch nach dem Neustart kammt nach der WIN-anmeldung nur der weisse bildschirm und mit STRG-ALT-ENTF keine möglichkeit zum Taskmanager zu kommen.
Wie kann ich jetzt den rechner auslesen? über nen 2. rechner? Vielen Dank für eure hilfe.

t'john · 31.07.2012, 09:49

Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

oder:

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

gunnar73 · 31.07.2012, 10:23

Hallo t´john,

hab die dvd vom 2. rechner erstellt und auch am verseuchten rechner gebootet. REATOGO-X-PE startet - schaltet dan in den Startmodus von xp (nur ganz kurz) und dann kommt n absturz mit nem blauen bildschirm dass, um schaden zu verhindern, der rechner gestoppt wurde (auf englisch). liegt das daran, dass der rechner eigentlich n win7 rechner ist? vielen dank für deine hilfe.
gruss gunnar

t'john · 31.07.2012, 10:34

Schau im BIOS nach den SATA Einstellungen und stelle von AHCI auf IDE um.

gunnar73 · 31.07.2012, 10:54

Hi. die OTL.txt wurde erstellt aber keine extras.txt....
Gruss GunnarOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 7/31/2012 2:45:38 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 100.00 Mb Total Space | 75.81 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive F: | 226.00 Gb Total Space | 142.56 Gb Free Space | 63.08% Space Free | Partition Type: NTFS
Drive G: | 226.00 Gb Total Space | 127.22 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/23 07:26:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/21 08:07:36 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto] -- F:\Program Files\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011/08/05 06:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 06:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 06:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/05/09 05:11:22 | 000,508,848 | ---- | M] (REINER SCT) [Auto] -- F:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2011/04/24 18:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/04/20 03:33:09 | 000,013,312 | ---- | M] () [Auto] -- F:\IDU\usr\srvany.exe -- (aidooBen)
SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/07 07:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto] -- F:\Users\life-fitness\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 02:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand] -- F:\Users\life-fitness\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/05/14 05:34:39 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- F:\IDU\Server\bin\pg_ctl.exe -- (postgresql-8.3)
SRV - [2010/04/16 08:51:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/14 10:08:12 | 000,598,696 | ---- | M] ( ) [Auto] -- F:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 09:08:05 | 000,193,192 | ---- | M] () [Auto] -- F:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010/01/08 08:28:14 | 000,419,480 | ---- | M] (Sage Software) [Auto] -- F:\Program Files\Common Files\Sage Software Shared\Deploymentservice.exe -- (SageDeploymentService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand] --  -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand] --  -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand] --  -- (massfilter)
DRV - [2012/03/23 11:16:31 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System] -- F:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/29 06:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- F:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2011/03/10 13:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- F:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 08:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- F:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 08:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- F:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/03 05:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | System] -- F:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/11/02 15:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- F:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/02 09:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- F:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 09:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- F:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/05/31 02:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- F:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 77.7.52.201:80
 
IE - HKU\life-fitness_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\life-fitness_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\life-fitness_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\life-fitness_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1C 2A 2F AB C9 CA 01  [binary data]
IE - HKU\life-fitness_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\life-fitness_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\life-fitness_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 77.7.52.201:80
 
 
 
IE - HKU\postgres.BUERO.000_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\postgres.BUERO.000_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\postgres.BUERO.000_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1C 2A 2F AB C9 CA 01  [binary data]
IE - HKU\postgres.BUERO.000_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\postgres.BUERO.000_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.sport1.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: F:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/03/23 11:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/23 11:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/03/23 11:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 07:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 12:44:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 07:26:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 12:44:55 | 000,000,000 | ---D | M]
 
[2010/03/22 08:00:23 | 000,000,000 | ---D | M] (No name found) -- F:\Users\life-fitness\AppData\Roaming\Mozilla\Extensions
[2012/05/02 03:13:25 | 000,000,000 | ---D | M] (No name found) -- F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions
[2012/02/16 13:05:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/20 10:06:29 | 000,000,000 | ---D | M] (Facemoods) -- F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com
[2011/11/14 09:09:57 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/07/23 07:26:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/16 23:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/22 03:31:34 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/22 03:31:34 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/22 03:31:34 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/20 10:06:29 | 000,002,048 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/06/22 03:31:34 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/22 03:31:34 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/22 03:31:34 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - F:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\life-fitness_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\postgres.BUERO.000_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobatpro\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe\Acrobatpro\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EzPrint] F:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [facemoods] F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [lxecmon.exe] F:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [MFNetworkScanUtility] F:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [SfWinStartInfo] F:\Program Files\SFirm32\sfWinStartupInfo.exe (SFirm Hannover)
O4 - HKU\life-fitness_ON_F..\Run: [DynDNS Updater] F:\Program Files\DynDNS Updater\DynDNS.exe (Kana Solution)
O4 - HKU\life-fitness_ON_F..\Run: [lvuhbshbifdyfwa] F:\ProgramData\lvuhbshb.exe ()
O4 - HKU\life-fitness_ON_F..\Run: [MicroUpdate] F:\Windows\System32\MSDCSC\msdcsc.exe (Microsoft Corp.)
O4 - HKU\postgres.BUERO.000_ON_F..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\postgres.BUERO.000_ON_F..\Run: [JP595IR86O]  File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres.BUERO.000_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres.BUERO_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: F:\Users\life-fitness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - F:\Users\life-fitness\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - F:\Users\life-fitness\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - AppInit_DLLs: (acaptuser32.dll) - F:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\msdcsc.exe) - F:\Windows\System32\MSDCSC\msdcsc.exe (Microsoft Corp.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - F:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe
O33 - MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\Shell - "" = AutoRun
O33 - MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/31 02:21:36 | 000,000,000 | ---D | C] -- F:\ProgramData\gioljfpfiawxqwz
[2012/07/26 16:07:56 | 002,345,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2012/07/26 10:55:58 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\Desktop\SOKA
[2012/07/25 06:29:46 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\Desktop\DP_Welle_Infopost_EinSdDP_NAT
[2012/07/23 08:02:42 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\Documents\Wunschhaus Architekt Ultimate
[2012/07/23 08:02:23 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bhv
[2012/07/23 08:02:22 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\AppData\Local\cacad
[2012/07/23 08:02:07 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\DWGdirectX 2.7
[2012/07/23 08:00:06 | 000,290,816 | ---- | C] (Cygnicon GmbH) -- F:\Windows\System32\CyViewer.ocx
[2012/07/23 07:59:53 | 000,062,464 | ---- | C] (Tools & Components) -- F:\Windows\System32\sevLock.dll
[2012/07/23 07:59:53 | 000,000,000 | ---D | C] -- F:\Program Files\bhv
[2012/07/23 01:53:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2012/07/23 01:53:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/07/23 01:53:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2012/07/23 01:53:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2012/07/23 01:53:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/07/23 01:53:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2012/07/23 01:53:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/07/23 01:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/07/10 23:36:39 | 000,219,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncrypt.dll
[2012/07/10 23:36:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdosys.dll
[2012/07/10 23:36:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msxml3r.dll
[2012/07/05 13:19:45 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\Desktop\ZUMBA
[2012/07/02 10:29:38 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\AppData\Roaming\YourFileDownloader
[2012/07/02 07:47:01 | 000,000,000 | ---D | C] -- F:\Users\life-fitness\AppData\Roaming\dclogs
[2012/07/02 07:46:55 | 000,000,000 | ---D | C] -- F:\Windows\System32\MSDCSC
[2011/07/26 10:10:48 | 000,442,368 | ---- | C] ( ) -- F:\Windows\System32\lxeccoin.dll
[2011/07/26 10:10:23 | 001,048,576 | ---- | C] ( ) -- F:\Windows\System32\lxecserv.dll
[2011/07/26 10:10:23 | 000,847,872 | ---- | C] ( ) -- F:\Windows\System32\lxecusb1.dll
[2011/07/26 10:10:23 | 000,802,816 | ---- | C] ( ) -- F:\Windows\System32\lxeccomc.dll
[2011/07/26 10:10:23 | 000,688,128 | ---- | C] ( ) -- F:\Windows\System32\lxechbn3.dll
[2011/07/26 10:10:23 | 000,643,072 | ---- | C] ( ) -- F:\Windows\System32\lxecpmui.dll
[2011/07/26 10:10:23 | 000,598,696 | ---- | C] ( ) -- F:\Windows\System32\lxeccoms.exe
[2011/07/26 10:10:23 | 000,577,536 | ---- | C] ( ) -- F:\Windows\System32\lxeclmpm.dll
[2011/07/26 10:10:23 | 000,373,416 | ---- | C] ( ) -- F:\Windows\System32\lxeccfg.exe
[2011/07/26 10:10:23 | 000,372,736 | ---- | C] ( ) -- F:\Windows\System32\lxeccomm.dll
[2011/07/26 10:10:23 | 000,364,544 | ---- | C] ( ) -- F:\Windows\System32\lxecinpa.dll
[2011/07/26 10:10:23 | 000,356,352 | ---- | C] ( ) -- F:\Windows\System32\LXEChcp.dll
[2011/07/26 10:10:23 | 000,344,064 | ---- | C] ( ) -- F:\Windows\System32\lxeciesc.dll
[2011/07/26 10:10:23 | 000,324,264 | ---- | C] ( ) -- F:\Windows\System32\lxecih.exe
[2 F:\ProgramData\*.tmp files -> F:\ProgramData\*.tmp -> ]
[1 F:\Users\life-fitness\Desktop\*.tmp files -> F:\Users\life-fitness\Desktop\*.tmp -> ]
[1 F:\*.tmp files -> F:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 07:37:27 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/07/31 07:32:44 | 000,778,158 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/07/31 07:32:44 | 000,729,834 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/07/31 07:32:44 | 000,179,260 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/07/31 07:32:44 | 000,151,214 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/07/31 07:32:31 | 000,013,536 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 07:32:31 | 000,013,536 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 07:25:10 | 000,000,306 | -H-- | M] () -- F:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/07/31 07:25:04 | 000,065,536 | ---- | M] () -- F:\Windows\System32\Ikeext.etl
[2012/07/31 07:24:52 | 2414,776,320 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/31 02:21:38 | 000,000,051 | ---- | M] () -- F:\ProgramData\nakgcknkerbylth
[2012/07/31 02:21:33 | 000,061,440 | ---- | M] () -- F:\ProgramData\lvuhbshb.exe
[2012/07/31 02:11:02 | 000,794,712 | ---- | M] () -- F:\Users\life-fitness\Desktop\lst.pdf
[2012/07/30 13:29:00 | 000,202,967 | ---- | M] () -- F:\Users\life-fitness\Desktop\Ausbildungen_Group_Fitness_GmbH.pdf
[2012/07/30 13:25:10 | 000,000,718 | ---- | M] () -- F:\Users\life-fitness\Desktop\aidooCheckInOut.lnk
[2012/07/30 13:25:10 | 000,000,715 | ---- | M] () -- F:\Users\life-fitness\Desktop\aidooManage.lnk
[2012/07/26 16:10:48 | 000,415,504 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/07/23 13:48:47 | 000,216,969 | ---- | M] () -- F:\Users\life-fitness\Desktop\aigner1_1.cyp
[2012/07/23 12:12:03 | 002,156,810 | ---- | M] () -- F:\Users\life-fitness\Desktop\R_Anzeige_72x120_Amberg.pdf
[2012/07/23 07:26:02 | 000,001,994 | ---- | M] () -- F:\Users\life-fitness\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/23 01:53:13 | 000,000,127 | ---- | M] () -- F:\Windows\System32\MRT.INI
[2012/07/20 04:46:29 | 000,510,102 | ---- | M] () -- F:\Users\life-fitness\Desktop\Variante.jpg
[2012/07/20 04:28:20 | 000,469,049 | ---- | M] () -- F:\Users\life-fitness\Desktop\Scannen2.JPG
[2012/07/18 09:08:17 | 000,544,068 | ---- | M] () -- F:\Users\life-fitness\Desktop\document2012-07-13-075114 (2).pdf
[2012/07/17 05:58:45 | 000,369,759 | ---- | M] () -- F:\Users\life-fitness\Desktop\TerminS2.pdf
[2012/07/17 05:55:56 | 000,364,129 | ---- | M] () -- F:\Users\life-fitness\Desktop\TerminS2.jpg
[2012/07/17 03:19:49 | 000,001,033 | ---- | M] () -- F:\Users\life-fitness\Desktop\TerminS1.lnk
[2012/07/17 03:08:00 | 003,250,482 | ---- | M] () -- F:\Users\life-fitness\Desktop\2012-07-13_INLINE_HANDOUT.pdf
[2012/07/02 12:24:12 | 036,926,444 | ---- | M] () -- F:\Users\life-fitness\Documents\Track No31.wav
[2 F:\ProgramData\*.tmp files -> F:\ProgramData\*.tmp -> ]
[1 F:\Users\life-fitness\Desktop\*.tmp files -> F:\Users\life-fitness\Desktop\*.tmp -> ]
[1 F:\*.tmp files -> F:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/31 02:21:38 | 000,061,440 | ---- | C] () -- F:\ProgramData\lvuhbshb.exe
[2012/07/31 02:21:34 | 000,000,051 | ---- | C] () -- F:\ProgramData\nakgcknkerbylth
[2012/07/31 02:11:02 | 000,794,712 | ---- | C] () -- F:\Users\life-fitness\Desktop\lst.pdf
[2012/07/30 13:29:00 | 000,202,967 | ---- | C] () -- F:\Users\life-fitness\Desktop\Ausbildungen_Group_Fitness_GmbH.pdf
[2012/07/23 12:12:03 | 002,156,810 | ---- | C] () -- F:\Users\life-fitness\Desktop\R_Anzeige_72x120_Amberg.pdf
[2012/07/23 09:04:36 | 000,216,969 | ---- | C] () -- F:\Users\life-fitness\Desktop\aigner1_1.cyp
[2012/07/23 02:41:13 | 007,818,740 | ---- | C] () -- F:\Users\life-fitness\Desktop\Planung Studio 1000 qm_Seite_06.jpg
[2012/07/20 04:46:29 | 000,510,102 | ---- | C] () -- F:\Users\life-fitness\Desktop\Variante.jpg
[2012/07/20 04:18:53 | 000,469,049 | ---- | C] () -- F:\Users\life-fitness\Desktop\Scannen2.JPG
[2012/07/18 09:08:17 | 000,544,068 | ---- | C] () -- F:\Users\life-fitness\Desktop\document2012-07-13-075114 (2).pdf
[2012/07/17 05:58:45 | 000,369,759 | ---- | C] () -- F:\Users\life-fitness\Desktop\TerminS2.pdf
[2012/07/17 05:55:56 | 000,364,129 | ---- | C] () -- F:\Users\life-fitness\Desktop\TerminS2.jpg
[2012/07/17 03:08:00 | 003,250,482 | ---- | C] () -- F:\Users\life-fitness\Desktop\2012-07-13_INLINE_HANDOUT.pdf
[2012/07/17 03:05:38 | 000,001,033 | ---- | C] () -- F:\Users\life-fitness\Desktop\TerminS1.lnk
[2012/07/02 12:24:00 | 036,926,444 | ---- | C] () -- F:\Users\life-fitness\Documents\Track No31.wav
[2012/03/23 11:18:21 | 000,017,408 | ---- | C] () -- F:\Users\life-fitness\AppData\Local\WebpageIcons.db
[2012/03/23 11:17:17 | 000,115,369 | ---- | C] () -- F:\Windows\System32\drivers\klin.dat
[2012/03/23 11:17:17 | 000,097,961 | ---- | C] () -- F:\Windows\System32\drivers\klick.dat
[2012/03/22 16:22:22 | 000,000,127 | ---- | C] () -- F:\Windows\System32\MRT.INI
[2012/03/14 03:55:28 | 000,000,100 | ---- | C] () -- F:\Users\life-fitness\AppData\Local\fusioncache.dat
[2012/01/30 03:03:20 | 000,000,061 | ---- | C] () -- F:\Windows\Setup_tmp.ini
[2011/11/04 04:07:34 | 000,000,323 | ---- | C] () -- F:\Windows\System32\CNCMFP36.INI
[2011/07/26 10:10:48 | 000,040,960 | ---- | C] () -- F:\Windows\System32\lxecvs.dll
[2011/07/26 10:10:47 | 000,294,912 | ---- | C] () -- F:\Windows\System32\lxeccui.dll
[2011/07/26 10:10:47 | 000,110,592 | ---- | C] () -- F:\Windows\System32\lxeccuir.dll
[2011/07/26 10:10:47 | 000,086,016 | ---- | C] () -- F:\Windows\System32\lxecgcfg.dll
[2011/07/26 10:10:23 | 000,331,776 | ---- | C] () -- F:\Windows\System32\LXECinst.dll
[2011/07/26 10:10:23 | 000,323,584 | ---- | C] () -- F:\Windows\System32\lxecins.dll
[2011/07/26 10:10:23 | 000,262,144 | ---- | C] () -- F:\Windows\System32\lxecinsb.dll
[2011/07/26 10:10:23 | 000,253,952 | ---- | C] () -- F:\Windows\System32\lxeccu.dll
[2011/07/26 10:10:23 | 000,208,896 | ---- | C] () -- F:\Windows\System32\lxecgrd.dll
[2011/07/26 10:10:23 | 000,114,688 | ---- | C] () -- F:\Windows\System32\lxecinsr.dll
[2011/07/26 10:10:23 | 000,090,112 | ---- | C] () -- F:\Windows\System32\lxeccub.dll
[2011/07/26 10:10:23 | 000,057,344 | ---- | C] () -- F:\Windows\System32\lxecjswr.dll
[2011/07/26 10:10:23 | 000,036,864 | ---- | C] () -- F:\Windows\System32\lxeccur.dll
[2011/07/26 10:10:17 | 000,299,008 | ---- | C] () -- F:\Windows\System32\LXECsm.dll
[2011/07/26 10:10:17 | 000,024,064 | ---- | C] () -- F:\Windows\System32\LXECsmr.dll
[2011/06/23 07:51:07 | 000,080,896 | ---- | C] () -- F:\Windows\System32\RDVGHelper.exe
[2011/06/23 07:50:54 | 000,252,928 | ---- | C] () -- F:\Windows\System32\DShowRdpFilter.dll
[2011/06/23 07:50:23 | 000,066,048 | ---- | C] () -- F:\Windows\System32\PrintBrmUi.exe
[2011/06/21 07:34:52 | 000,000,107 | ---- | C] () -- F:\Users\life-fitness\AppData\default.pls
[2011/06/21 06:40:32 | 000,000,396 | ---- | C] () -- F:\Windows\hbcikrnl.ini
[2011/06/21 06:40:21 | 000,167,936 | ---- | C] () -- F:\Windows\System32\SerialXP.dll
[2011/06/21 06:40:21 | 000,027,648 | ---- | C] () -- F:\Windows\System32\win32com.dll
[2011/03/11 07:43:54 | 000,029,763 | ---- | C] () -- F:\Windows\System32\drivers\klopp.dat
[2010/12/10 09:09:59 | 000,000,040 | -HS- | C] () -- F:\ProgramData\.zreglib
[2010/10/15 11:35:37 | 000,120,200 | ---- | C] () -- F:\Windows\System32\DLLDEV32i.dll
[2010/09/06 09:37:44 | 000,004,401 | ---- | C] () -- F:\Windows\FOODOPT1.INI
[2010/05/28 06:22:15 | 000,038,437 | ---- | C] () -- F:\Users\life-fitness\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/05/28 06:18:43 | 000,025,019 | ---- | C] () -- F:\Users\life-fitness\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/05/28 06:16:24 | 000,009,135 | ---- | C] () -- F:\Users\life-fitness\AppData\Roaming\Microsoft Excel 97-2003.EML
[2010/05/28 05:52:40 | 000,000,635 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/04/12 14:42:46 | 000,210,944 | ---- | C] () -- F:\Windows\System32\MSVCRT10.DLL
[2010/03/29 02:32:18 | 000,000,398 | ---- | C] () -- F:\Windows\System32\CNCMP60.INI
[2010/03/10 07:06:25 | 000,000,193 | ---- | C] () -- F:\Windows\wordpad.INI
[2010/03/05 05:29:29 | 000,022,723 | ---- | C] () -- F:\Windows\System32\SUGS2l3.dll
[2009/07/14 04:47:43 | 000,778,158 | ---- | C] () -- F:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- F:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,179,260 | ---- | C] () -- F:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- F:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,415,504 | ---- | C] () -- F:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,729,834 | ---- | C] () -- F:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,151,214 | ---- | C] () -- F:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\System32\mlang.dat
[2000/11/09 07:39:06 | 000,000,176 | ---- | C] () -- F:\Windows\UNO.INI
 
========== LOP Check ==========
 
[2012/03/14 03:56:33 | 000,000,000 | ---D | M] -- F:\ProgramData\5b8441bb-056f-4d39-921d-76f4aa9b5957
[2010/03/05 04:25:26 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/04/02 08:27:54 | 000,000,000 | ---D | M] -- F:\ProgramData\bbwin
[2010/03/29 02:45:23 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/03/05 04:25:26 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/10/28 08:56:58 | 000,000,000 | ---D | M] -- F:\ProgramData\Dyn
[2011/07/26 10:15:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Ezprint
[2010/03/05 04:25:26 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2012/07/31 02:21:37 | 000,000,000 | ---D | M] -- F:\ProgramData\gioljfpfiawxqwz
[2011/04/20 03:32:58 | 000,000,000 | ---D | M] -- F:\ProgramData\IDU
[2010/07/09 06:25:15 | 000,000,000 | ---D | M] -- F:\ProgramData\ISDNWatch
[2011/12/20 11:06:19 | 000,000,000 | ---D | M] -- F:\ProgramData\Lexmark Pro800-Pro900 Series
[2011/12/20 11:08:29 | 000,000,000 | ---D | M] -- F:\ProgramData\Lx_cats
[2010/10/15 13:23:02 | 000,000,000 | ---D | M] -- F:\ProgramData\MAGIX
[2011/06/21 06:40:21 | 000,000,000 | ---D | M] -- F:\ProgramData\REINER SCT
[2012/01/30 03:03:20 | 000,000,000 | ---D | M] -- F:\ProgramData\SFirm LOGS
[2010/12/10 09:10:10 | 000,000,000 | ---D | M] -- F:\ProgramData\SlySoft
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/03/05 04:25:26 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2012/02/24 02:32:10 | 000,000,000 | ---D | M] -- F:\ProgramData\TechSmith
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/03/05 04:25:26 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2010/03/29 11:13:10 | 000,000,000 | ---D | M] -- F:\ProgramData\WinZip
[2011/04/25 03:24:03 | 000,000,000 | ---D | M] -- F:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/06 06:17:08 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/31 07:25:10 | 000,000,306 | -H-- | M] () -- F:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> F:\Users\life-fitness\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
< End of report >

--- --- ---

t'john · 31.07.2012, 11:01

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbser6k) 
DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbnmea) 
DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbmdm6k) 
DRV - File not found [Kernel | On_Demand] -- -- (VGPU) 
DRV - File not found [Kernel | On_Demand] -- -- (tsusbhub) 
DRV - File not found [Kernel | On_Demand] -- -- (Synth3dVsc) 
DRV - File not found [Kernel | On_Demand] -- -- (massfilter) 

FF - prefs.js..browser.startup.homepage: "www.sport1.de" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
File not found (No name found) -- 
Hosts file not found 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - F:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) 
O3 - HKU\life-fitness_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O3 - HKU\postgres.BUERO.000_ON_F\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [facemoods] F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) 
O4 - HKU\life-fitness_ON_F..\Run: [lvuhbshbifdyfwa] F:\ProgramData\lvuhbshb.exe () 
O4 - HKU\life-fitness_ON_F..\Run: [MicroUpdate] F:\Windows\System32\MSDCSC\msdcsc.exe (Microsoft Corp.) 
O4 - HKU\postgres.BUERO.000_ON_F..\Run: [JP595IR86O] File not found 
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\postgres.BUERO.000_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\postgres.BUERO_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\postgres_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - Startup: F:\Users\life-fitness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 
O7 - HKU\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\msdcsc.exe) - F:\Windows\System32\MSDCSC\msdcsc.exe (Microsoft Corp.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\Shell - "" = AutoRun 
O33 - MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe 
O33 - MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\Shell - "" = AutoRun 
O33 - MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\Shell\AutoRun\command - "" = F:\setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
[2012/07/31 02:21:33 | 000,061,440 | ---- | M] () -- F:\ProgramData\lvuhbshb.exe 
@Alternate Data Stream - 143 bytes -> F:\Users\life-fitness\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty 
[2012/01/20 10:06:29 | 000,000,000 | ---D | M] (Facemoods) -- F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com 
[2012/01/20 10:06:29 | 000,002,048 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml 
[2012/06/22 03:31:34 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012/06/22 03:31:34 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012/06/22 03:31:34 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012/06/22 03:31:34 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012/06/22 03:31:34 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012/06/22 03:31:34 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
[2012/07/31 07:25:10 | 000,000,306 | -H-- | M] () -- F:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job 

[2012/07/31 02:21:36 | 000,000,000 | ---D | C] -- F:\ProgramData\gioljfpfiawxqwz 
[2012/07/31 02:21:38 | 000,000,051 | ---- | M] () -- F:\ProgramData\nakgcknkerbylth 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

gunnar73 · 31.07.2012, 11:18

hi,
hier der logfile...

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZTEusbser6k deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZTEusbnmea deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZTEusbmdm6k deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VGPU deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Synth3dVsc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\massfilter deleted successfully.
Prefs.js: "www.sport1.de" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
F:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.
Registry value HKEY_USERS\life-fitness_ON_F\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll moved successfully.
Registry value HKEY_USERS\postgres.BUERO.000_ON_F\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
F:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.
Registry value HKEY_USERS\life-fitness_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\lvuhbshbifdyfwa deleted successfully.
F:\ProgramData\lvuhbshb.exe moved successfully.
Registry value HKEY_USERS\life-fitness_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate deleted successfully.
F:\Windows\System32\MSDCSC\msdcsc.exe moved successfully.
Registry value HKEY_USERS\postgres.BUERO.000_ON_F\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
Registry value HKEY_USERS\LocalService_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
F:\Windows\System32\mctadmin.exe moved successfully.
Registry value HKEY_USERS\NetworkService_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File F:\Windows\System32\mctadmin.exe not found.
Registry value HKEY_USERS\postgres.BUERO.000_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File F:\Windows\System32\mctadmin.exe not found.
Registry value HKEY_USERS\postgres.BUERO_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File F:\Windows\System32\mctadmin.exe not found.
Registry value HKEY_USERS\postgres_ON_F\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File F:\Windows\System32\mctadmin.exe not found.
F:\Users\life-fitness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\life-fitness_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\msdcsc.exe deleted successfully.
File F:\Windows\System32\MSDCSC\msdcsc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
F:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3b19d9-3472-11e1-a8df-00262d1a80f7}\ not found.
File IomegaEncryptionSetup v1.3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa880554-bc3d-11e0-8c05-00262d1a80f7}\ not found.
File F:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
File F:\ProgramData\lvuhbshb.exe not found.
ADS F:\Users\life-fitness\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty deleted successfully.
F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
F:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
F:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
F:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
F:\ProgramData\gioljfpfiawxqwz folder moved successfully.
F:\ProgramData\nakgcknkerbylth moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: life-fitness
->Temp folder emptied: 716900679 bytes
->Temporary Internet Files folder emptied: 296125955 bytes
->Java cache emptied: 14551228 bytes
->FireFox cache emptied: 471721088 bytes
->Flash cache emptied: 46872 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres.BUERO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres.BUERO.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 541381 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 208563520 bytes

Total Files Cleaned = 1,629.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: life-fitness
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.BUERO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.BUERO.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 07312012_151002

Hallo t´john,

rechner bootet normal. alle progs laufen normal - soweit ich das beurteilen kann. Vielen Dank dafür. muss ich noch was machen? Gruss Gunnar

t'john · 31.07.2012, 11:49

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

gunnar73 · 31.07.2012, 16:22

hi t'john, hab das anti maleware durchlaufen lassen und die trojner entfernt.
Im Anhang die die Datei vom Adw Cleaner

gruß gunnar

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 19:58:20
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : life-fitness - BUERO
# Running from : C:\Users\life-fitness\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\life-fitness\AppData\LocalLow\facemoods.com
Folder Found : C:\Program Files\facemoods.com

***** [Registry] *****

Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

***** [Internet Browsers] *****

#NAME?

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=ddrnw
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

#NAME?

Profile name : default
File : C:\Users\life-fitness\AppData\Roaming\Mozilla\Firefox\Profiles\upa2zgwo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5432 octets] - [31/07/2012 19:58:20]

########## EOF - C:\AdwCleaner[R1].txt - [5560 octets] ##########

t'john · 31.07.2012, 16:46

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

t'john · 21.08.2012, 03:39

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

31.07.2012, 10:34	#4
t'john /// Helfer-Team	weisser bildschirm WIN7 ohne Taskmanager Schau im BIOS nach den SATA Einstellungen und stelle von AHCI auf IDE um. __________________ Mfg, t'john Das TB unterstützen

weisser bildschirm WIN7 ohne Taskmanager

Plagegeister aller Art und deren Bekämpfung: weisser bildschirm WIN7 ohne Taskmanager