
Pests of all kinds and how to fight them: Win7 PC infected with GVU/BSI Trojan

15.11.2012, 19:54   #1
Krp

Hello!

Since 13.11.2012 there has been a GVU/BSI Trojan on my machine. At least, since 13.11.2012 I have had the UKASH screen, which prevents me from doing any work at all.
Starting in Safe Mode does not help much, since the virus shows its message there too and blocks any direct view of the desktop.
Disconnecting the WLAN connection doesn't help much either, because then the screen simply stays white (I can see the mouse pointer, but that's it).
With Ctrl+Alt+Del I get to the selection screen with Task Manager, Log off, etc., but when I click Task Manager it does not open.

Since I'm now out of ideas, I'm turning to you in the hope that I can get proper help here.
I have Win7 Pro 64-bit installed (only one user account)!


Best regards
Krp

15.11.2012, 21:17   #2
t'john
/// Helper Team

Using a clean second PC, create an OTLPE CD and then boot the infected machine from that CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, so on a slow internet connection the download will take a while.
  • When the download has finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When burning has finished, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: for OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; selecting just C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLPE should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt will be created.
  • Copy these files to your USB stick if you have no internet connection on that system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
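The helper asks for OTL.txt; as an added example that is not part of this thread and not OTL's own logic, here is a small Python triage script for the O4 (Run/RunOnce) and O20 (Winlogon) lines of such a log. The sample lines are copied from the OTL.txt posted later in this thread; the flag names and the rule that Winlogon\Shell should be explorer.exe resolved from the Windows directory are assumptions of this example.

```python
"""Triage of the O4 (Run/RunOnce) and O20 (Winlogon) lines of an OTL log.

Added example, not part of this thread and not OTL's own logic. The sample lines
below are copied from the OTL.txt posted later in the thread; the flag names and
the "Shell must be explorer.exe in the Windows directory" rule are assumptions
of this example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Lines copied from the OTL.txt in this thread (autostart keys and Winlogon values).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [BCSSync] D:\Programme\Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\SV_ON_C..\Run: [Spotify Web Helper] C:\Users\SV\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\SV_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\SV_ON_C Winlogon: Shell - (C:\Users\SV\AppData\Roaming\msconfig.dat) - C:\Users\SV\AppData\Roaming\msconfig.dat ()
"""

# O4 - <hive>..\Run|RunOnce: [<value name>] <path> (<company>)   or   ... File not found
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): "
                   r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# O20 - <hive> Winlogon: <value> - (<registry data>) - <path> (<company>)
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
                    r"\((?P<raw>[^)]*)\) -\s*(?P<rest>.*)$")
# "<path> (<company>)"; the company is what the file's version resource claims, not a signature check
TARGET_RE = re.compile(r"^(?P<path>.*\S)\s+\((?P<company>[^()]*)\)$")
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "autorun" (O4) or "winlogon" (O20)
    hive: str                 # HKLM or HKU\<user>_ON_C as OTL prints it
    name: str                 # Run value name, or the Winlogon value (Shell, VMApplet ...)
    raw: str                  # registry data as logged
    path: Optional[str]       # resolved file, None when OTL reported "File not found"
    company: Optional[str]
    line: str
    findings: List[str] = field(default_factory=list)


def split_target(rest: str) -> Tuple[Optional[str], Optional[str]]:
    m = TARGET_RE.match(rest.strip())
    if not m:
        return None, None     # e.g. "File not found"
    return m["path"], m["company"].strip()


def parse_line(line: str) -> Optional[Entry]:
    m = O4_RE.match(line)
    if m:
        path, company = split_target(m["rest"])
        return Entry("autorun", m["hive"], m["name"], m["rest"].strip(), path, company, line)
    m = O20_RE.match(line)
    if m:
        path, company = split_target(m["rest"])
        return Entry("winlogon", m["hive"], m["value"], m["raw"], path, company, line)
    return None               # SRV/DRV/O2/AppInit_DLLs and other line types are out of scope here


def assess(entry: Entry) -> Entry:
    # Winlogon\Shell defaults to "explorer.exe", resolved from the Windows directory;
    # any other value replaces the desktop with the named program at logon.
    if entry.kind == "winlogon" and entry.name.lower() == "shell":
        if entry.raw.lower() != "explorer.exe" or not (entry.path and WINDOWS_DIR_RE.match(entry.path)):
            entry.findings.append("winlogon-shell-nonstandard")
    if entry.path is None:
        entry.findings.append("target-missing")             # orphaned value: usually harmless, still review
    else:
        if USER_PROFILE_RE.match(entry.path):
            entry.findings.append("autostart-from-user-profile")
        if entry.company == "":
            entry.findings.append("no-publisher")
    return entry


def triage(log_text: str) -> List[Entry]:
    parsed = (parse_line(ln.rstrip()) for ln in log_text.splitlines())
    return [assess(e) for e in parsed if e is not None]


def flagged(log_text: str) -> List[Entry]:
    return [e for e in triage(log_text) if e.findings]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print("!!" if e.findings else "  ", e.hive, e.name, "->", e.raw, e.findings)
```

Run against a full OTL.txt the script only reads the O4 and O20 Winlogon lines; everything it flags still needs a human decision, as the Spotify entry shows.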

16.11.2012, 07:17   #3
Krp

Morning!
Thanks a lot already for the quick reply.
As soon as I finish work today I'll follow your instructions and then post the two requested files.

Best regards
Krp

16.11.2012, 23:50   #4
t'john
/// Helper Team

All right.

17.11.2012, 14:14   #5
Krp

So, here are the two requested files.

OTL.txt
Code:
OTL logfile created on: 11/17/2012 2:06:35 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 1.16 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 223.68 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 62.69 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 75.80 Mb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive H: | 111.10 Gb Total Space | 104.74 Gb Free Space | 94.28% Space Free | Partition Type: NTFS
Drive I: | 7.46 Gb Total Space | 6.37 Gb Free Space | 85.39% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/17 06:50:46 | 002,863,168 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/09/17 06:50:32 | 000,216,640 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/08/14 12:04:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/13 10:34:46 | 003,222,776 | ---- | M] (GfK) [Auto] -- C:\Program Files (x86)\GfKLSPService\GfKLspService.exe -- (GfkLSPService)
SRV - [2012/08/08 11:08:52 | 000,232,512 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/08/08 11:07:48 | 002,009,152 | ---- | M] (Sophos Limited) [Auto] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/05 09:09:51 | 000,139,840 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/14 19:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/09 11:07:05 | 000,357,400 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2011/12/06 11:40:28 | 000,150,552 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2011/12/06 11:40:28 | 000,089,112 | ---- | M] (Sophos Limited) [Auto] -- D:\Programme\SophosInstall\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2011/09/15 06:06:04 | 000,088,576 | ---- | M] () [Auto] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Programme\TeamViewer6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/24 03:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 06:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011/03/04 05:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/01/20 08:00:32 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files (x86)\GfK Internet-Monitor\GfK-Reporting.exe -- (GfK-Reporting-Service)
SRV - [2011/01/20 08:00:10 | 000,180,224 | ---- | M] () [Auto] -- C:\Program Files (x86)\GfK Internet-Monitor\GfK-Updater.exe -- (GfK-Update-Service)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 07:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/18 07:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2009/12/28 08:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 16:17:16 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand] -- D:\Benchmarks\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/07 10:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/05/09 11:06:57 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012/04/29 04:52:50 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/04/29 04:52:37 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV:64bit: - [2012/04/29 04:52:34 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 08:47:52 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/03/20 08:47:45 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2012/03/20 08:47:45 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011/12/06 11:40:25 | 000,055,072 | ---- | M] (Sophos Limited) [Kernel | System] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV:64bit: - [2011/12/06 11:40:04 | 000,102,688 | ---- | M] (Sophos Limited) [Kernel | System] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV:64bit: - [2011/12/06 11:39:43 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/09/18 05:49:59 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/09/18 05:49:58 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/28 04:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/03/28 04:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System] -- C:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/03/04 05:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 11:18:06 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010/09/02 02:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/07/22 10:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot] -- C:\Windows\System32\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 10:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/05/30 22:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 20:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 20:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/20 02:55:08 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2010/03/02 06:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/08 01:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/11 06:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/21 19:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/04 20:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/13 05:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/11/16 11:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/04/11 09:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/03/17 17:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Programme\Visual Studio 2010 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/08/07 17:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- D:\Benchmarks\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2008/04/11 09:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 0F 1B 9F 8B 44 CD 01  [binary data]
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\SV_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\SV_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\SV_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\SV_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 BB 38 D6 4D 2F CC 01  [binary data]
IE - HKU\SV_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programme\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Programme\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: D:\Videoplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: D:\Videoplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: D:\Videoplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Programme\AdobePDF\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: [INSTALLDIR]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files (x86)\GfK Internet-Monitor\ [2012/11/14 14:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/07 06:13:26 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\x64\Gacela2.dll (GfK)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\Gacela2.dll (GfK)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Programme\Visual Studio 2010 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKU\Gast_ON_C\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [BCSSync] D:\Programme\Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GfK-WatchDog] C:\Program Files (x86)\GfKLSPService\GfK-WatchDog.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] D:\Programme\SophosInstall\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\SV_ON_C..\Run: [Spotify Web Helper] C:\Users\SV\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\x64\Gacela2.dll (GfK)
O9 - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\Gacela2.dll (GfK)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (D:\PROGRA~1\SOPHOS~1\SOPHOS~1\SOPHOS~2.DLL) - D:\Programme\SophosInstall\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (D:\PROGRA~1\SOPHOS~1\SOPHOS~1\SOPHOS~1.DLL) - D:\Programme\SophosInstall\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\SV_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\SV_ON_C Winlogon: Shell - (C:\Users\SV\AppData\Roaming\msconfig.dat) - C:\Users\SV\AppData\Roaming\msconfig.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/15 18:45:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/14 20:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 05:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.2
[2012/10/28 05:58:07 | 000,000,000 | ---D | C] -- C:\Users\SV\AppData\Roaming\HDRsoft
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/15 14:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 14:08:55 | 000,000,047 | ---- | M] () -- C:\Users\SV\AppData\Roaming\msconfig.ini
[2012/11/15 14:08:17 | 000,000,408 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/11/15 14:07:56 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 13:10:58 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 13:10:57 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 13:10:39 | 000,718,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/15 13:10:39 | 000,680,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 13:10:39 | 000,154,326 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/15 13:10:39 | 000,130,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/13 12:51:28 | 000,279,040 | ---- | M] () -- C:\Users\SV\Desktop\Untitled - 2.ufo
[2012/11/13 12:21:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-812983997-1204346164-4145480764-1000UA.job
[2012/11/13 12:15:57 | 000,000,849 | ---- | M] () -- C:\Users\SV\AppData\Local\recently-used.xbel
[2012/11/13 11:16:15 | 000,187,648 | ---- | M] () -- C:\Users\SV\Desktop\21451_james_bond.jpg
[2012/11/13 11:02:26 | 000,020,479 | ---- | M] () -- C:\Users\SV\Desktop\007.jpg
[2012/11/11 07:21:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-812983997-1204346164-4145480764-1000Core.job
[2012/11/11 06:52:10 | 001,120,105 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2363.JPG
[2012/11/11 06:52:10 | 001,079,916 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2361.JPG
[2012/11/11 06:52:10 | 001,049,837 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2362.JPG
[2012/11/11 06:25:33 | 001,590,452 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2360.JPG
[2012/11/11 06:25:32 | 001,566,632 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2358.JPG
[2012/11/11 06:25:32 | 001,458,372 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2359.JPG
[2012/11/11 06:25:32 | 001,416,899 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2355.JPG
[2012/11/11 06:25:32 | 001,082,238 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2357.JPG
[2012/11/11 06:25:32 | 000,975,105 | ---- | M] () -- C:\Users\SV\Desktop\IMG_2356.JPG
[2012/11/10 07:22:46 | 000,002,430 | ---- | M] () -- C:\Users\SV\Desktop\Google Chrome.lnk
[2012/11/07 08:10:50 | 000,032,212 | ---- | M] () -- C:\Users\SV\Documents\cc_20121107_141047.reg
[2012/10/28 05:58:08 | 000,000,873 | ---- | M] () -- C:\Users\SV\Desktop\Photomatix Pro 4.2.2 (64-bit).lnk
[2012/10/28 05:58:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.2
[2012/10/21 05:48:53 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/13 12:51:28 | 000,279,040 | ---- | C] () -- C:\Users\SV\Desktop\Untitled - 2.ufo
[2012/11/13 12:15:57 | 000,000,849 | ---- | C] () -- C:\Users\SV\AppData\Local\recently-used.xbel
[2012/11/13 11:48:25 | 000,000,047 | ---- | C] () -- C:\Users\SV\AppData\Roaming\msconfig.ini
[2012/11/13 11:16:14 | 000,187,648 | ---- | C] () -- C:\Users\SV\Desktop\21451_james_bond.jpg
[2012/11/13 11:02:24 | 000,020,479 | ---- | C] () -- C:\Users\SV\Desktop\007.jpg
[2012/11/11 06:52:10 | 001,120,105 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2363.JPG
[2012/11/11 06:52:10 | 001,079,916 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2361.JPG
[2012/11/11 06:52:10 | 001,049,837 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2362.JPG
[2012/11/11 06:25:32 | 001,590,452 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2360.JPG
[2012/11/11 06:25:32 | 001,566,632 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2358.JPG
[2012/11/11 06:25:32 | 001,458,372 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2359.JPG
[2012/11/11 06:25:32 | 001,416,899 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2355.JPG
[2012/11/11 06:25:32 | 001,082,238 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2357.JPG
[2012/11/11 06:25:32 | 000,975,105 | ---- | C] () -- C:\Users\SV\Desktop\IMG_2356.JPG
[2012/11/07 08:10:48 | 000,032,212 | ---- | C] () -- C:\Users\SV\Documents\cc_20121107_141047.reg
[2012/10/28 05:58:08 | 000,000,873 | ---- | C] () -- C:\Users\SV\Desktop\Photomatix Pro 4.2.2 (64-bit).lnk
[2012/06/20 11:35:53 | 000,007,168 | ---- | C] () -- C:\Users\SV\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 19:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/04 07:20:50 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2012/04/18 14:09:42 | 000,007,656 | ---- | C] () -- C:\Users\SV\AppData\Local\Resmon.ResmonCfg
[2012/01/11 11:41:30 | 000,053,760 | ---- | C] () -- C:\Users\SV\AppData\Roaming\msconfig.dat
[2011/11/09 12:51:15 | 001,777,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/06 05:40:57 | 011,202,560 | ---- | C] () -- C:\Users\SV\AppData\Roaming\Sandra.mdb
[2011/09/19 08:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/11 05:49:44 | 000,000,079 | ---- | C] () -- C:\Users\SV\AppData\Local\CrystalDiskMark30.ini
[2011/08/20 05:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/08/03 06:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
[2011/06/26 06:27:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/22 10:59:56 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/06/22 10:59:56 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/06/22 10:59:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/06/22 10:59:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/06/21 12:42:44 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/20 11:12:06 | 000,002,616 | ---- | C] () -- C:\Windows\SysWow64\GacelaLSPServiceOff.ini
[2011/06/19 13:30:15 | 000,000,408 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/19 11:09:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/19 11:09:42 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/10/22 13:52:22 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\NBKey 2.exe
[2010/09/15 04:55:52 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\NB Key 1.exe
[2010/09/13 06:21:14 | 000,003,824 | ---- | C] () -- C:\Windows\SysWow64\GfKLSPService.ini
[2010/08/27 09:03:32 | 000,002,352 | ---- | C] () -- C:\Windows\SysWow64\GfKLSPServiceOff.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 01:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2012/10/09 11:26:29 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\.purple
[2012/04/29 04:54:27 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Acronis
[2011/06/26 04:25:16 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\AnvSoft
[2011/07/11 10:02:29 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Ashampoo
[2011/09/18 04:03:48 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\BitTorrent
[2012/05/04 07:21:23 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Buhl Data Service
[2012/04/16 07:48:29 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\CD-LabelPrint
[2011/07/06 08:26:00 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\CIL Software
[2012/06/02 09:52:05 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\DigitalDJ17
[2011/09/03 02:59:40 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\DVDVideoSoft
[2011/07/13 02:44:07 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/23 07:11:53 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\e-academy Inc
[2012/06/10 06:27:47 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Engelmann Media
[2012/09/15 10:58:23 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\fdrtools.com
[2011/07/11 13:35:31 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\FileZilla
[2012/06/27 11:08:20 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\fltk.org
[2011/06/26 04:21:38 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Free iPad Video Converter
[2011/12/23 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\gtk-2.0
[2011/07/02 10:00:55 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\hdbADS
[2012/10/28 05:58:07 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\HDRsoft
[2012/01/27 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\HTC
[2012/01/27 04:14:07 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/06/10 05:17:07 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\MAGIX
[2011/11/03 13:46:02 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\MAXON
[2011/08/06 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\OpenOffice.org
[2012/09/24 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\pdfforge
[2012/07/22 04:15:00 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\proDAD
[2011/10/16 04:43:33 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\ProtectDisc
[2011/10/02 06:49:50 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\rockbox.org
[2012/05/22 12:06:40 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Simraceway
[2012/06/02 09:52:05 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\SongManager
[2012/11/09 08:45:39 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Spotify
[2012/04/26 11:09:50 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\StoneTrip
[2012/08/24 13:06:22 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\TeamViewer
[2012/05/22 12:06:40 | 000,000,000 | -H-D | M] -- C:\Users\SV\AppData\Roaming\TempMods
[2011/06/20 09:07:27 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Ulead Systems
[2012/10/28 08:44:46 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\uTorrent
[2012/05/03 11:12:22 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\Wireshark
[2011/06/26 05:00:14 | 000,000,000 | ---D | M] -- C:\Users\SV\AppData\Roaming\XMedia Recode
[2012/05/02 09:53:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2011/06/19 10:04:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/11/24 14:13:08 | 000,000,000 | ---D | M] -- C:\ProgramData\backup
[2012/05/04 07:22:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/06/20 10:16:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/08/03 08:11:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Caphyon
[2011/07/18 08:14:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/19 10:04:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/06/24 06:47:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011/11/24 14:12:24 | 000,000,000 | ---D | M] -- C:\ProgramData\explauncher
[2011/06/19 10:04:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/06/27 11:08:20 | 000,000,000 | ---D | M] -- C:\ProgramData\fltk.org
[2011/11/03 14:07:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Futuremark
[2011/11/24 14:12:24 | 000,000,000 | ---D | M] -- C:\ProgramData\launcher
[2012/06/10 05:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011/07/16 05:11:27 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2011/11/09 13:14:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions
[2012/07/22 04:13:32 | 000,000,000 | ---D | M] -- C:\ProgramData\proDAD
[2012/03/29 09:27:10 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/04/18 09:15:51 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/06/26 06:27:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2012/05/09 11:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/19 10:04:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/19 13:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TP-LINK
[2012/01/06 09:27:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2012/06/03 04:57:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/06/19 10:04:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/19 11:43:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Western Digital
[2012/09/05 10:36:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
and Extras.txt
Code:
OTL Extras logfile created on: 11/17/2012 2:06:35 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 1.16 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 223.68 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 62.69 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 75.80 Mb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive H: | 111.10 Gb Total Space | 104.74 Gb Free Space | 94.28% Space Free | Partition Type: NTFS
Drive I: | 7.46 Gb Total Space | 6.37 Gb Free Space | 85.39% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "e:\Bildbearbeitung\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "e:\Bildbearbeitung\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{883F56F3-B9E7-4B07-8F6D-2BEF6291DF16}" = Oracle VM VirtualBox 4.1.22
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP5
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"My Lockbox_is1" = My Lockbox 2.6
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{883F56F3-B9E7-4B07-8F6D-2BEF6291DF16}" = Oracle VM VirtualBox 4.1.22
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP5
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1b
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"My Lockbox_is1" = My Lockbox 2.6
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\SV_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Spotify" = Spotify
 
< End of report >
         
However, in OTLpe I also had to tick "Use SafeList" under "Extra Registry" to get the Extras.txt. I hope that was correct and you can work with the data.

Best regards
Krp


Old 17.11.2012, 16:50   #6
t'john
/// Helper Team

Fixing with OTLpe


  • Start the unbootable computer again from the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text field below Custom Scans/Fixes:
  • If that is not possible for lack of an internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the content of Fix.txt into the text field below Custom Scans/Fixes:


Code:
:OTL
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O20 - HKU\SV_ON_C Winlogon: Shell - (C:\Users\SV\AppData\Roaming\msconfig.dat) - C:\Users\SV\AppData\Roaming\msconfig.dat () 
[2012/01/11 11:41:30 | 000,053,760 | ---- | C] () -- C:\Users\SV\AppData\Roaming\msconfig.dat 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\SV\*.tmp
C:\Users\SV\AppData\Local\{*}
C:\Users\SV\AppData\Local\Temp\*.exe
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         

  • Close all programs.
  • Click the Fix button.
  • Click on the button.
  • Copy the content here into code tags in your thread.
    Afterwards you can view the log file here => C:\OTLpe\MovedFiles\<date_number.log>
  • Test whether you can boot the computer into normal Windows mode again and report.
__________________
--> Win7-PC mit GVU/BSI-Trojaner infiziert
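The decisive line in the fix script above is the O20 entry: a per-user Winlogon "Shell" value pointing at C:\Users\SV\AppData\Roaming\msconfig.dat. A per-user Shell value overrides the machine-wide explorer.exe for that account, so Winlogon started the locker instead of the desktop, which matches the symptom that no desktop appeared even in safe mode. The O6 lines are Explorer and UAC policy values the fix removes as well. The following is an added example, not part of the thread and not OTL code: a PowerShell script that audits exactly those values on an infected volume mounted offline, i.e. from WinPE/WinRE with PowerShell or with the disk attached to a clean machine, so the check does not require booting the infected Windows. It assumes PowerShell 3 or later, an elevated session (reg.exe load/unload needs it), that the infected volume is D: (parameter), and uses arbitrary temporary mount names such as OfflineSW.

```powershell
# Added example, not from the thread: audit the Winlogon "Shell" value and related
# policy values of an infected Windows 7 installation from OUTSIDE that Windows,
# i.e. with its disk mounted under $Volume (WinPE/WinRE with PowerShell, or the
# disk attached to a clean machine). Run elevated; reg.exe load/unload needs it.
# Assumptions: PowerShell 3+, volume letter D:, mount names are arbitrary.
param([string]$Volume = 'D:')

# Load a hive file as HKU\<MountName>, run $Body with the provider path and a label,
# unload again. $Body emits finding strings.
function Invoke-WithOfflineHive {
    param([string]$HiveFile, [string]$MountName, [string]$Label, [scriptblock]$Body)
    if (-not (Test-Path -LiteralPath $HiveFile)) { return }          # e.g. Public has no NTUSER.DAT
    reg.exe load "HKU\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "cannot load $HiveFile (locked or in use?)"; return }
    try { & $Body "Registry::HKEY_USERS\$MountName" $Label }
    finally {
        [GC]::Collect(); [GC]::WaitForPendingFinalizers()             # release handles so unload succeeds
        reg.exe unload "HKU\$MountName" | Out-Null
    }
}

function Get-RegValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# Per-user hive: a per-user Winlogon\Shell overrides the machine-wide one and is normally
# absent; the locker in this thread set it to ...\AppData\Roaming\msconfig.dat.
$UserChecks = {
    param($Root, $Label)
    $shell = Get-RegValue "$Root\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" 'Shell'
    if ($shell -and "$shell" -notmatch '^\s*explorer\.exe\s*$') {
        "HIGH  $($Label): per-user Winlogon Shell = '$shell' (expected none or explorer.exe)"
    }
    if (Get-RegValue "$Root\Software\Microsoft\Windows\CurrentVersion\policies\System" 'DisableTaskMgr') {
        "INFO  $($Label): policies\System\DisableTaskMgr is set"
    }
    # Run/RunOnce entries that launch from user-writable locations deserve a look too.
    foreach ($k in 'Run', 'RunOnce') {
        $props = Get-ItemProperty -LiteralPath "$Root\Software\Microsoft\Windows\CurrentVersion\$k" -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'AppData|ProgramData|\\Temp\\' } |
                ForEach-Object { "INFO  $($Label): $k\$($_.Name) = $($_.Value)" }
        }
    }
}

# SOFTWARE hive: machine-wide Shell/Userinit plus the policy values the OTL fix deleted.
# NoActiveDesktop*/NoDesktop fit a screen locker; ConsentPromptBehaviorAdmin=5 is the
# Windows 7 default and EnableLinkedConnections=1 is a legitimate tweak, so they are
# listed for review rather than flagged.
$MachineChecks = {
    param($Root, $Label)
    $wl = "$Root\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell    = Get-RegValue $wl 'Shell'
    $userinit = Get-RegValue $wl 'Userinit'
    if ("$shell" -notmatch '^\s*explorer\.exe\s*$') { "HIGH  $($Label): Winlogon Shell = '$shell'" }
    if ("$userinit" -notmatch '^\s*[a-z]:\\windows\\system32\\userinit\.exe,?\s*$') {
        "HIGH  $($Label): Winlogon Userinit = '$userinit'"
    }
    $policies = @{
        "$Root\Microsoft\Windows\CurrentVersion\policies\Explorer" = 'NoActiveDesktop', 'NoActiveDesktopChanges', 'NoDesktop'
        "$Root\Microsoft\Windows\CurrentVersion\policies\System"   = 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser', 'EnableLinkedConnections', 'EnableLUA', 'DisableTaskMgr'
    }
    foreach ($key in $policies.Keys) {
        foreach ($name in $policies[$key]) {
            $v = Get-RegValue $key $name
            if ($null -ne $v) { "INFO  $($Label): policies\$($key.Split('\')[-1])\$name = $v" }
        }
    }
}

$Findings = @(
    Get-ChildItem -LiteralPath "$Volume\Users" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $mount = 'OfflineUser_' + ($_.Name -replace '[^A-Za-z0-9]', '_')
        Invoke-WithOfflineHive (Join-Path $_.FullName 'NTUSER.DAT') $mount "user $($_.Name)" $UserChecks
    }
    Invoke-WithOfflineHive "$Volume\Windows\System32\config\SOFTWARE" 'OfflineSW' 'HKLM' $MachineChecks
)
if ($Findings.Count -eq 0) { 'No findings.' } else { $Findings }
```

On the machine in this thread the script would report one HIGH line for user SV (the msconfig.dat Shell) and INFO lines for the five policy values; it deliberately does not change anything, so it can be run before and after a fix to confirm the persistence entry is gone.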

Old 17.11.2012, 17:21   #7
Krp

Hi!

Great, I can write from my old computer again. As far as I can tell, it runs without problems again.
Now the next question would of course be how I can secure the computer further. At the moment I use Sophos AntiVir including firewall.
Which "anti-malware" program would be advisable? Or even a sandboxed browser?

Here is the content of the log file:

Code:
========== OTL ==========
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\SV_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\SV\AppData\Roaming\msconfig.dat deleted successfully.
C:\Users\SV\AppData\Roaming\msconfig.dat moved successfully.
File C:\Users\SV\AppData\Roaming\msconfig.dat not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
C:\ProgramData\xml5AFC.tmp moved successfully.
C:\ProgramData\xml5C26.tmp moved successfully.
C:\ProgramData\xmlAC28.tmp moved successfully.
C:\ProgramData\xmlBE42.tmp moved successfully.
C:\ProgramData\xmlBECF.tmp moved successfully.
C:\ProgramData\xmlBF3E.tmp moved successfully.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\SV\*.tmp not found.
C:\Users\SV\AppData\Local\{10FCEE13-32BE-4480-A8C1-B919B14F53AD} folder moved successfully.
C:\Users\SV\AppData\Local\{1227AC69-641B-4C7E-AF46-67DF5FCC6FF5} folder moved successfully.
C:\Users\SV\AppData\Local\{419B095E-B61F-4B02-986C-5927AB45BA39} folder moved successfully.
C:\Users\SV\AppData\Local\{612F5C08-0DA6-444A-BA3F-7BAF1165EAC0} folder moved successfully.
C:\Users\SV\AppData\Local\{6381D289-8AF2-45AA-A316-70603A15D721} folder moved successfully.
C:\Users\SV\AppData\Local\{70274B8A-831C-434E-A709-8983F1C2B92F} folder moved successfully.
C:\Users\SV\AppData\Local\{9410B3A3-F493-48F8-94A1-646F708F9381} folder moved successfully.
C:\Users\SV\AppData\Local\{A26C506B-6751-4988-B441-4F2A52EC4D02} folder moved successfully.
C:\Users\SV\AppData\Local\{A9F5350B-DDEB-4216-B09B-6649D41003BB} folder moved successfully.
C:\Users\SV\AppData\Local\{B3556847-BC31-4824-A6A7-73ACC00EA2F0} folder moved successfully.
C:\Users\SV\AppData\Local\{BC28AD23-0392-4AD5-A035-A45FA04A07BC} folder moved successfully.
File\Folder C:\Users\SV\AppData\Local\Temp\*.exe not found.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 50051 bytes
->Temporary Internet Files folder emptied: 2967844 bytes
->Flash cache emptied: 56931 bytes
 
User: Public
 
User: SV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53911624 bytes
->FireFox cache emptied: 290556544 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57397 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33198 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 332.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11172012_170458
         
Many thanks in advance for your help!
A donation to the forum will of course follow too!

Best regards
Krp

Old 17.11.2012, 23:45   #8
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program in the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or put into quarantine.
- When the scan has finished, click "Show results".
then:

Step 2

Download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

Old 19.11.2012, 06:13   #9
Krp

Morning.

Here are the requested results

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SV :: SV-PC [Administrator]

18.11.2012 18:49:05
mbam-log-2012-11-18 (18-49-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 620478
Laufzeit: 1 Stunde(n), 20 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\SV\Desktop\Berdi\Berdi.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FFDownloads\ca_setup.exe (PUP.PasswordTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FFDownloads\Berdi\Berdi.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\MusikProgramme\MagixMusicMaker\Protein\Berdi.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Video\MagixVideoDeluxe\Protein\Berdi.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
# AdwCleaner v2.008 - Datei am 18/11/2012 um 21:04:52 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : SV - SV-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\SV\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\vShare
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\vShare
Ordner Gefunden : C:\Users\SV\AppData\LocalLow\vShare
Ordner Gefunden : C:\Users\SV\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKCU\Software\vShare
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gefunden : HKU\S-1-5-21-812983997-1204346164-4145480764-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\SV\AppData\Roaming\Mozilla\Firefox\Profiles\7cf2m8vq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\SV\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3538 octets] - [18/11/2012 21:04:52]

########## EOF - C:\AdwCleaner[R1].txt - [3598 octets] ##########
         

Best regards
Krp

Old 19.11.2012, 07:15   #10
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan do not let it delete anything! Save the log file to the desktop via Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Old 20.11.2012, 20:22   #11
Krp

Hi!

Here is the log file from adwcleaner:
Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 16:49:07 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : SV - SV-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\SV\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\vShare
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\vShare
Ordner Gelöscht : C:\Users\SV\AppData\LocalLow\vShare
Ordner Gelöscht : C:\Users\SV\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKCU\Software\vShare
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\SV\AppData\Roaming\Mozilla\Firefox\Profiles\7cf2m8vq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\SV\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3663 octets] - [18/11/2012 21:04:52]
AdwCleaner[R2].txt - [3723 octets] - [19/11/2012 16:48:49]
AdwCleaner[S1].txt - [3499 octets] - [19/11/2012 16:49:07]

########## EOF - C:\AdwCleaner[S1].txt - [3559 octets] ##########
         

and here is the log file from Emsisoft Anti-Malware:
Code:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 20.11.2012 16:52:22

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, H:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	20.11.2012 16:54:42

C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7399120e-59ba999c -> a/Test.class 	gefunden: Exploit.Java.CVE-2012-0507.N (B)
C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7399120e-59ba999c -> a/Help.class 	gefunden: Java.Exploit.CVE-2012-0507.C (B)
C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\537cd3b8-6ea4465d -> buildService/MailAgent.class 	gefunden: Java.Exploit.CVE-2010-0840.P (B)

Gescannt	688038
Gefunden	3

Scan Ende:	20.11.2012 19:11:41
Scan Zeit:	2:16:59
         

Best regards
Krp
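The Emsisoft hits above sit in the Java deployment cache that OTL had moved aside under C:\_OTL\MovedFiles\...: cached applet JARs containing exploit classes for CVE-2012-0507 and CVE-2010-0840, so the likely entry point was a drive-by exploit kit targeting Java. Each cache entry consists of the payload (the file without extension, here 7399120e-59ba999c and 537cd3b8-6ea4465d) and an .idx file that records the download URL and the HTTP response headers, which is how you find out which site served it and when. One caveat from the installed-programs list in this thread: Java 6 Update 32 and Java 7 Update 7 both already contain the fix for CVE-2012-0507 (shipped with 6u31/7u3 in February 2012), so a cached exploit class shows that a kit was delivered, not that this particular exploit succeeded on the current JRE. The following is an added example, not from the thread and not code from any of the tools used in it: a PowerShell script that walks a cache directory, pulls URL and headers out of each .idx and lists the class names inside each payload. It assumes PowerShell 3 or later and .NET 4.5 (for ZipFile); the default path is the live cache of the current profile, and the moved copy would be found by passing the path under C:\_OTL\MovedFiles\ instead.

```powershell
# Added example, not from the thread: triage a Java deployment cache directory.
# Each cache entry is a JAR or .class payload without extension plus an .idx file
# that stores the download URL and HTTP response headers as Java writeUTF() strings.
# Assumptions: PowerShell 3+, .NET 4.5 (ZipFile). Default path is the live cache of
# the current profile; pass the folder OTL moved (C:\_OTL\MovedFiles\...) instead
# to look at the moved copy.
param([string]$CacheRoot = "$env:USERPROFILE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0")

Add-Type -AssemblyName System.IO.Compression.FileSystem

# writeUTF() stores a 2-byte length followed by the (modified UTF-8) string, so the
# printable run after a header name, skipping the 2 length bytes, is its value.
# Regex over a byte-transparent Latin-1 string is sufficient for triage.
function Get-IdxMetadata([string]$Path) {
    $text = [System.Text.Encoding]::GetEncoding(28591).GetString([System.IO.File]::ReadAllBytes($Path))
    $url  = [regex]::Match($text, 'https?://[\x21-\x7e]+').Value
    $headers = @{}
    $pattern = '(?i)(?<![a-z-])(?<k>Last-Modified|Date|Server|Content-Type|Content-Length)[\x00-\xff]{2}(?<v>[\x20-\x7e]{1,200})'
    foreach ($m in [regex]::Matches($text, $pattern)) {
        $k = $m.Groups['k'].Value.ToLowerInvariant()
        if (-not $headers.ContainsKey($k)) { $headers[$k] = $m.Groups['v'].Value }   # first occurrence wins
    }
    [pscustomobject]@{ Url = $url; Headers = $headers }
}

# List entry names if the payload is a ZIP/JAR; a bare .class file is reported as such.
function Get-CachedPayloadEntries([string]$Path) {
    $magic = New-Object byte[] 4
    $fs = [System.IO.File]::OpenRead($Path)
    try { [void]$fs.Read($magic, 0, 4) } finally { $fs.Dispose() }
    if ($magic[0] -eq 0x50 -and $magic[1] -eq 0x4B) {                       # 'PK' -> ZIP/JAR
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        try { return @($zip.Entries | ForEach-Object { $_.FullName }) } finally { $zip.Dispose() }
    }
    if ($magic[0] -eq 0xCA -and $magic[1] -eq 0xFE -and $magic[2] -eq 0xBA -and $magic[3] -eq 0xBE) {
        return @('<single .class file>')                                    # Java class magic CAFEBABE
    }
    return @('<not a JAR or class file>')
}

Get-ChildItem -LiteralPath $CacheRoot -Recurse -File -Filter '*.idx' -ErrorAction SilentlyContinue | ForEach-Object {
    $idx  = $_
    $data = Join-Path $idx.DirectoryName $idx.BaseName                      # payload has no extension
    $meta = Get-IdxMetadata $idx.FullName
    $entries = if (Test-Path -LiteralPath $data) { Get-CachedPayloadEntries $data }
               else { @('<payload missing, e.g. already quarantined by a scanner>') }
    [pscustomobject]@{
        Entry        = "$($idx.Directory.Name)\$($idx.BaseName)"
        CachedAt     = $idx.LastWriteTime                                    # when the entry was written
        Url          = $meta.Url
        LastModified = $meta.Headers['last-modified']
        Server       = $meta.Headers['server']
        Classes      = ($entries | Where-Object { $_ -like '*.class' -or $_ -like '<*' }) -join ', '
    }
} | Sort-Object CachedAt | Format-List
```

For the two entries in the Emsisoft log this would list a/Test.class and a/Help.class for entry 14\7399120e-59ba999c and buildService/MailAgent.class for 56\537cd3b8-6ea4465d, together with the URL each was fetched from; the CachedAt timestamps, set against the 13.11.2012 the locker first appeared, tell you whether the Java exploit belongs to this incident or to an earlier one.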

Old 21.11.2012, 03:38   #12
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john
Support Trojaner-Board

Old 21.11.2012, 20:29   #13
Krp

Hi!

And here is the log file from the Eset Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=def913dcb058f8449ce76a15a2679fb2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-21 07:03:07
# local_time=2012-11-21 08:03:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 94352 105146399 0 0
# compatibility_mode=8192 67108863 100 0 3962 3962 0 0
# scanned=393634
# found=4
# cleaned=4
# scan_time=8038
C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7399120e-59ba999c	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\537cd3b8-6ea4465d	Java/Agent.DM trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData\Roaming\msconfig.dat	a variant of Win32/Injector.YZH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\FFDownloads\PDFCreator-1_2_1_setup.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Best regards
Krp

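An added example (not code from the thread, from ESET or from OTL) that parses the ESET Online Scanner log posted above: it reads the "# key=value" header, splits the tab-separated detection lines, checks that ESET's own found/cleaned counters agree with the detection lines, and separates files that were still live on disk from copies that OTL had already moved under C:\_OTL\MovedFiles. The header/detection layout and the MovedFiles rule are assumptions inferred from the posted log; the sample log is constructed from its lines.

```python
import re

# Detection lines in the ESET Online Scanner log are tab-separated:
#   path <TAB> threat name (action taken) <TAB> hash <TAB> flag
DETECTION_RE = re.compile(r"^(?P<path>[^\t]+)\t(?P<threat>.+?) \((?P<action>[^)]*)\)\t"
                          r"(?P<hash>[0-9a-fA-F]+)\t(?P<flag>\S+)$")
OTL_QUARANTINE = "\\_OTL\\MovedFiles\\"  # files OTL moved here were already neutralised

def parse_eset_log(text):
    """Return ({header key: value}, [detection dict, ...]) for one ESET log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)  # compatibility_mode repeats; keep first
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["in_otl_quarantine"] = OTL_QUARANTINE in d["path"]
            detections.append(d)
    return header, detections

def check_counts(header, detections):
    """Compare ESET's own found/cleaned counters with the detection lines."""
    handled = sum("deleted" in d["action"] or "cleaned" in d["action"] for d in detections)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    return {"found": found, "lines": len(detections), "cleaned": cleaned,
            "handled": handled,
            "consistent": found == len(detections) and cleaned == handled}

def live_detections(detections):
    """Paths outside OTL's MovedFiles folder: these files were still live on disk."""
    return [d["path"] for d in detections if not d["in_otl_quarantine"]]

# Constructed sample: header subset plus the four detection lines from the posted log.
OTL_DIR = r"C:\_OTL\MovedFiles\11172012_170458\C_Users\SV\AppData"
JAVA_CACHE = OTL_DIR + r"\LocalLow\Sun\Java\Deployment\cache\6.0"
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:", "all ok", "# version=7", "# found=4", "# cleaned=4",
    "\t".join([JAVA_CACHE + r"\14\7399120e-59ba999c",
               "multiple threats (deleted - quarantined)", "0" * 32, "C"]),
    "\t".join([JAVA_CACHE + r"\56\537cd3b8-6ea4465d",
               "Java/Agent.DM trojan (deleted - quarantined)", "0" * 32, "C"]),
    "\t".join([OTL_DIR + r"\Roaming\msconfig.dat",
               "a variant of Win32/Injector.YZH trojan (cleaned by deleting - quarantined)", "0" * 32, "C"]),
    "\t".join([r"D:\FFDownloads\PDFCreator-1_2_1_setup.exe",
               "Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)", "0" * 32, "C"]),
])
```

Run check_counts and live_detections on the parsed sample: the counters match the four lines, and only the PDFCreator installer on D: was a live file rather than a copy OTL had already moved.
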
Old 22.11.2012, 06:33   #14
t'john
/// Helper Team

Update Java

Your Java is out of date. Older versions contain security holes that malware can abuse.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 9).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Then post (copy and paste) what you see here: PluginCheck



Disable Java

Because of the current security hole:

http://www.trojaner-board.de/122961-...ktivieren.html

Then post (copy and paste) what you see here: PluginCheck
__________________
Regards, t'john
Support Trojaner-Board

Old 22.11.2012, 19:00   #15
Krp

Hi!


Before disabling Java:

Firefox 16.0 ist aktuell

Flash 11,4,402,265 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,9) ist aktuell.

Adobe Reader 10,1,4,38 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0



And after disabling Java:

Firefox 16.0 ist aktuell

Flash 11,4,402,265 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java ist Installiert aber nicht aktiviert.

Adobe Reader 10,1,4,38 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0


Best regards
Krp
