| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 15:36
| #1 |
| |  Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht Hallo ich habe mir wohl einen GVU-Trojaner eingefangen. Ich habe den Rechner mit einer OTLPE CD gebootet und einen Scan durchgeführt. Anschliessend wurden die OTL.txt und Extras.txt erstellt. Nun helfen mir jedoch keine Foren mehr weiter. Es hieß immer nur ich soll die Datein auf einen USB-Stick speichern, was ich auch getan habe. Aber wenn ich den PC neu starte kommt wieder der weiße Bildschirm. Was kann ich nun mit den Datein anfangen? |
|
31.01.2013, 15:38
| #2 |
| /// Malware-holic   | Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht hi
__________________es stand sicher nirgens, erstelle die logs, und der pc startet, da kam immer eine auswertung, was bei dir eher schwierig is, denn logs sind ja noch keine zu sehen :-) poste sie, dann können wir anfangen
__________________ |
|
31.01.2013, 19:43
| #3 |
| | Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht Das ist meine erste Auswertung:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 1/31/2013 3:15:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122.59 Gb Total Space | 34.32 Gb Free Space | 28.00% Space Free | Partition Type: NTFS
Drive D: | 26.45 Gb Total Space | 17.16 Gb Free Space | 64.90% Space Free | Partition Type: FAT32
Drive E: | 7.82 Gb Total Space | 7.14 Gb Free Space | 91.26% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/01/08 17:07:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/23 11:21:44 | 000,087,040 | ---- | M] (Conduit) [Auto] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/10/09 09:50:08 | 000,188,760 | ---- | M] () [Auto] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012/10/02 10:20:26 | 001,008,496 | ---- | M] () [Auto] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/29 05:09:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 05:25:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/21 04:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/09/11 05:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/04/15 08:37:32 | 000,654,640 | ---- | M] (REINER SCT) [Auto] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2007/10/25 09:08:58 | 000,206,128 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2007/07/02 20:04:00 | 000,405,504 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmclient\avmbtservice.exe -- (AVM BT Connection Service)
SRV - [2007/07/02 20:04:00 | 000,221,184 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmclient\AvmObexService.exe -- (AvmObexService)
SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/02 07:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - [2012/01/31 20:30:00 | 000,542,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2011/06/29 05:09:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 05:09:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/29 10:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 10:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/09 06:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/09 06:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 06:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/10/25 09:07:24 | 000,334,640 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2007/07/02 20:04:00 | 000,851,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bfhubase.sys -- (bfhubase)
DRV - [2007/07/02 20:04:00 | 000,374,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\capi_cip.sys -- (CAPI_CIP)
DRV - [2007/07/02 20:04:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2007/07/02 20:04:00 | 000,061,952 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmbtpar.sys -- (AVMBTPARALLEL)
DRV - [2007/07/02 20:04:00 | 000,060,928 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmbtser.sys -- (AVMBTSERIAL)
DRV - [2007/07/02 20:04:00 | 000,006,656 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bfhu_cfg.sys -- (BFHU_CFG)
DRV - [2007/05/31 01:38:18 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2007/05/31 01:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2007/05/03 05:19:16 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 04:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={34BF4D20-C447-11E1-B63F-000777640932}
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1106241240\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ole_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\ole_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\ole_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN17936111031968295&ctid=CT2653012
IE - HKU\ole_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\ole_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\ole_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1106241240\ICQToolBar.dll (ICQ)
IE - HKU\ole_ON_C\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKU\ole_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\ole_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/10/28 14:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/10/16 09:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012/07/02 08:10:16 | 000,000,000 | ---D | M]
[2012/12/24 08:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/12/24 08:33:31 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\ole\AppData\Roaming\Mozilla\Firefox\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012/10/16 09:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2013/01/31 14:58:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1106241240\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\ole_ON_C\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\ole_ON_C\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKU\ole_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMBlueClient] C:\Program Files\avmclient\bluefritz.exe (AVM Berlin)
O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe (AVM Berlin)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\ole_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\ole_ON_C..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\ole_ON_C..\Run: [SearchProtect] File not found
O4 - HKU\ole_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\ole_ON_C..\Run: [Spotify Web Helper] C:\Users\ole\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\ole_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\ole_ON_C Winlogon: Shell - (C:\Users\ole\AppData\Roaming\skype.dat) - C:\Users\ole\AppData\Roaming\skype.dat ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/11 17:57:46 | 000,000,000 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{098f7770-e283-11df-a8c8-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{098f7770-e283-11df-a8c8-000777640932}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{098f7772-e283-11df-a8c8-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{098f7772-e283-11df-a8c8-000777640932}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{098f777b-e283-11df-a8c8-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{098f777b-e283-11df-a8c8-000777640932}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1440f927-9754-11df-98fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1440f927-9754-11df-98fd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{3ede32f8-ec1a-11df-8664-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{3ede32f8-ec1a-11df-8664-404e57434401}\Shell\AutoRun\command - "" = G:\VTP_Manager.exe
O33 - MountPoints2\{57aac52c-ad1c-11e0-81ee-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{57aac52c-ad1c-11e0-81ee-404e57434401}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{bedd1798-12cc-11e1-8e97-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{bedd1798-12cc-11e1-8e97-000777640932}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/31 14:58:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/31 14:15:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/31 07:39:19 | 000,000,000 | -HSD | C] -- C:\found.001
========== Files - Modified Within 30 Days ==========
[2013/01/31 09:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 09:03:21 | 000,000,004 | ---- | M] () -- C:\Users\ole\AppData\Roaming\skype.ini
[2013/01/31 09:02:17 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15562987-C3B2-4467-B810-DDE30E73EB14}.job
[2013/01/31 09:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:00:45 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 06:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/24 05:45:08 | 000,026,624 | ---- | M] () -- C:\Users\ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 13:32:27 | 000,651,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/17 13:32:27 | 000,618,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/17 13:32:27 | 000,120,318 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/17 13:32:27 | 000,106,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/08 17:07:36 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/08 17:07:36 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/08 03:00:19 | 269,560,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
========== Files Created - No Company Name ==========
[2013/01/31 06:45:25 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/20 03:47:56 | 000,000,004 | ---- | C] () -- C:\Users\ole\AppData\Roaming\skype.ini
[2012/10/22 10:40:02 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012/10/16 09:49:37 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012/10/16 09:49:37 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012/10/08 05:26:09 | 000,076,349 | ---- | C] () -- C:\ProgramData\frrehhovskejiqv
[2012/10/03 12:08:42 | 000,000,790 | ---- | C] () -- C:\Windows\wiso.ini
[2011/12/13 05:27:21 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2011/12/13 05:27:19 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2011/12/13 05:27:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AFFile.dll
[2011/12/13 05:27:09 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll
[2011/07/19 09:58:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/19 09:58:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/15 07:42:56 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011/07/15 07:42:20 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011/07/15 07:42:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011/07/15 07:22:06 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/06/08 10:47:00 | 000,026,624 | ---- | C] () -- C:\Users\ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 12:50:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/07 14:44:49 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010/11/07 14:34:43 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2010/11/07 14:34:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2010/11/07 14:34:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2010/11/07 14:13:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/07/25 14:59:26 | 000,000,552 | RH-- | C] () -- C:\Users\ole\AppData\Local\d3d8caps.dat
[2010/07/24 14:21:20 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2010/07/24 14:21:20 | 000,057,344 | ---- | C] () -- C:\Windows\System32\HLVDD.DLL
[2010/07/24 14:13:05 | 000,001,356 | RH-- | C] () -- C:\Users\ole\AppData\Local\d3d9caps.dat
[2009/06/16 06:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2006/12/10 23:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 10:33:31 | 000,651,644 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:33:31 | 000,120,318 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,397,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,960 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,106,744 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:31:23 | 000,063,488 | ---- | C] () -- C:\Users\ole\AppData\Roaming\skype.dat
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2012/11/26 04:54:25 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Amasfu
[2012/02/10 03:23:42 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\Amazon
[2012/05/29 13:07:15 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\AnvSoft
[2012/10/03 12:08:53 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Buhl Data Service
[2010/10/28 14:36:31 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\Bytemobile
[2012/10/08 08:59:03 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\elsterformular
[2013/01/18 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Erwaaz
[2013/01/22 03:32:54 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Exiha
[2011/08/03 06:45:32 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\FRITZ!
[2012/07/02 08:12:00 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\ICQ
[2012/05/29 12:41:36 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\MOVAVI
[2012/05/29 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\OpenCandy
[2012/06/03 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\OpenOffice.org
[2010/07/25 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Opera
[2010/07/29 08:29:59 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\pokerth
[2012/12/24 12:16:43 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\SearchProtect
[2011/06/23 08:26:55 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\Simfy
[2013/01/20 03:38:25 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Spotify
[2012/10/23 12:26:37 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Systweak
[2012/05/29 13:08:26 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\TuneUp Software
[2010/10/28 14:36:31 | 000,000,000 | -H-D | M] -- C:\Users\ole\AppData\Roaming\Vodafone
[2010/10/28 15:16:10 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\Vodafone Mobile Connect
[2012/10/08 06:06:48 | 000,000,000 | ---D | M] -- C:\Users\ole\AppData\Roaming\XMedia Recode
[2010/07/24 14:10:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/10/03 12:20:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2012/05/29 13:08:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/07/24 14:10:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/10/08 05:26:17 | 000,000,000 | ---D | M] -- C:\ProgramData\edbziymysdduhbl
[2012/10/08 08:58:09 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010/07/24 14:10:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/24 05:40:09 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/08/03 06:45:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ISDNWatch
[2010/07/26 14:52:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/12/27 06:35:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Phenomedia
[2011/07/15 07:42:19 | 000,000,000 | ---D | M] -- C:\ProgramData\REINER SCT
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/07/24 14:10:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/07/02 08:10:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2012/10/22 10:40:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Systweak
[2012/06/06 14:45:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/05/29 13:09:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/10/28 14:35:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2010/07/24 14:10:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/11/07 14:45:43 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2012/05/29 13:08:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/01/31 09:03:35 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/01/31 09:02:17 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15562987-C3B2-4467-B810-DDE30E73EB14}.job
========== Purity Check ==========
< End of report >
Und das ist meine andere Auswertung:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 1/31/2013 3:15:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122.59 Gb Total Space | 34.32 Gb Free Space | 28.00% Space Free | Partition Type: NTFS
Drive D: | 26.45 Gb Total Space | 17.16 Gb Free Space | 64.90% Space Free | Partition Type: FAT32
Drive E: | 7.82 Gb Total Space | 7.14 Gb Free Space | 91.26% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.536
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.0.5
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F44EAEB2-332B-48B9-B1B7-E25EAB628124}" = PowerBuilder Client Runtime
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F92CDFEB-DB96-4589-B88C-BE181D153445}" = Moorhuhn WE AYCS
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"1713EFD0409BCDF53DED33020E5FE8E4FB97BA41" = Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15)
"826B99A85CD4868B9A3FAED5E017F71E18E06320" = Windows Driver Package - Intel (NETw4v32) net (04/30/2007 11.1.1.11)
"9D79C0A6F2EAAA6C6EE43E3C5E767B7D3877AC69" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVMBLUECLI" = AVM BlueFRITZ! USB
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FRITZ! 2.0" = AVM FRITZ!
"Gadwin PrintScreen" = Gadwin PrintScreen
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"KTBL-Baukost" = KTBL-Baukost 2.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Opera 12.12.1707" = Opera 12.12
"PokerTH 0.7.1" = PokerTH
"PriceGong" = PriceGong 2.6.4
"SearchProtect" = Search Protect by conduit
"Simfy" = simfy
"ST6UNST #1" = KTBL-Datensammlung Landwirtschaft 2006/07
"Superkuh" = Superkuh
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"Wajam" = Wajam
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WNLT" = IB Updater Service
"X10Hardware" = X10 Hardware(TM)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\ole_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
< End of report >
|
|
31.01.2013, 19:50
| #4 |
| /// Malware-holic | Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht Hi an der Infektion bist du selbst schuld. Warum hat dieses Windows noch keine Updates gesehen, keine Servicepacks instaliert etc? auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O20 - HKU\ole_ON_C Winlogon: Shell - (C:\Users\ole\AppData\Roaming\skype.dat) - C:\Users\ole\AppData\Roaming\skype.dat ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.01.2013, 21:35
| #5 |
| | Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht Das ist die neuste Auswertung. Oh man ist das kompliziert, vielen dank für deine Mühe ========== OTL ========== Registry value HKEY_USERS\ole_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\ole\AppData\Roaming\skype.dat deleted successfully. C:\Users\ole\AppData\Roaming\skype.dat moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: ole User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: ole User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3777456 bytes Total Files Cleaned = 4.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 01312013_212649 Ich habe heute versucht die Datei noch im UpChannel hochzuladen, wie es oben beschrieben wurde, jedoch weiß ich nicht wo der Ordner Movedfiles ist bzw. finde den nicht. Könnt ihr trotdem was mit der neusten Auswertung anfangen? oder ist es notwendig die Datei noch über den upchannel hochzuladen, denn müsstet ihr mir einmal dabei helfen. Gruß Samanta Oh man der PC funktioniert wieder. Vielen lieben Dank für deine Mühe |
|
| Themen zu Trojaner blockiert Windows Vista Rechner, abgesicherter Modus geht auch nicht |
| abgesicherter, abgesicherter modus, blockiert, datei, datein, erstell, extras.txt, foren, gvu-trojaner, kommt wieder, modus, neu, otl.txt, otlpe, rechner, scan, speicher, speichern, starte, troja, trojaner, usb-stick, vista, weiße, windows, windows vista |
Linear-Darstellung
