raul_p22 | 11.09.2012 21:19 | akm Trojan
Hello everyone, I have a big problem: I caught an akm Trojan. Please, I urgently need help!!!
Code:
OTL logfile created on: 9/12/2012 1:05:50 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 19.51 Gb Free Space | 34.91% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 282.20 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 41.80 Gb Free Space | 17.95% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/08/25 16:55:44 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/08/25 16:55:39 | 001,958,960 | ---- | M] (Bitdefender) [Auto] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/08/25 16:55:34 | 000,067,904 | ---- | M] (Bitdefender) [Auto] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 15:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/12/14 06:46:50 | 000,035,648 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/10/14 17:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/04 14:35:12 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 10:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/21 10:04:11 | 000,296,232 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/02/21 10:04:09 | 000,075,048 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/02/21 10:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2011/12/14 06:47:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 06:46:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/23 12:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/12/28 04:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/25 16:55:32 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/06/27 09:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/05/29 15:01:44 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2012/05/29 15:01:43 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Auto] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/05/28 10:32:12 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 14:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/03/05 10:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/17 10:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/01/09 11:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/01/09 11:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 11:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012/01/09 11:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 11:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 11:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/25 09:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 11:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 14:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/07/13 07:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/07/13 07:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/06/10 02:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/05/20 03:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/19 13:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2012/04/17 13:22:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/07/08 20:05:42] [Kernel | Auto] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2011/12/12 13:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/27 02:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Raul_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Raul_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\Raul_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\Raul_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D CF A1 73 D0 3C CD 01 [binary data]
IE - HKU\Raul_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_271.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM: C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 18.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/09/10 13:17:03 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 18.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/05/29 14:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/28 12:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/05/29 14:03:37 | 000,000,000 | ---D | M]
[2012/05/28 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raul\AppData\Roaming\Mozilla\Extensions
[2012/06/06 07:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raul\AppData\Roaming\Mozilla\Firefox\Profiles\7hi15i93.default\extensions
[2012/06/01 06:14:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Raul\AppData\Roaming\Mozilla\Firefox\Profiles\7hi15i93.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/06 07:14:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raul\AppData\Roaming\Mozilla\Firefox\Profiles\7hi15i93.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/28 11:12:40 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Raul\AppData\Roaming\Mozilla\Firefox\Profiles\7hi15i93.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
File not found (No name found) --
[2012/01/12 04:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Raul_ON_C..\Run: [] File not found
O4 - HKU\Raul_ON_C..\Run: [{A5372D13-FDAF-AD41-F8CF-79CEFE2E5AD3}] C:\Users\Raul\AppData\Roaming\Joify\iguwe.exe (WinRescue)
O4 - HKU\Raul_ON_C..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\Raul_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Raul_ON_C..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\Raul_ON_C..\Run: [ryzozogtasec] C:\Users\Raul\ryzozogtasec.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Raul\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raul\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raul\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raul\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Raul_ON_C Winlogon: Shell - (C:\Users\Raul\AppData\Roaming\1.exe) - C:\Users\Raul\AppData\Roaming\1.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2c77aa52-afc4-11e1-afc0-14dae9ee9768}\Shell - "" = AutoRun
O33 - MountPoints2\{2c77aa52-afc4-11e1-afc0-14dae9ee9768}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/09/11 23:07:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/11 10:46:18 | 000,000,000 | ---D | C] -- C:\Users\Raul\AppData\Roaming\Yahoo!
[2012/09/10 15:35:02 | 000,000,000 | ---D | C] -- C:\Users\Raul\AppData\Local\Nero_AG
[2012/09/10 15:34:57 | 000,000,000 | ---D | C] -- C:\Users\Raul\AppData\Local\Nero
[2012/09/10 01:53:13 | 000,000,000 | ---D | C] -- C:\Users\Raul\AppData\Roaming\Nokia
[2012/09/09 17:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/09/09 17:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012/09/09 17:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012/09/08 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\Raul\Desktop\08.09.12
[2012/09/07 14:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012/09/05 16:52:41 | 000,233,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DreamScene.dll
[2012/08/25 17:22:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/25 17:22:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/25 17:22:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/08/25 17:22:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/25 17:22:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/25 17:22:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/25 17:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/25 17:22:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/25 17:22:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/25 17:22:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/25 17:22:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/25 17:22:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/08/25 17:22:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/08/25 17:22:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/25 16:29:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012/08/25 16:29:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/25 16:29:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/25 16:29:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/09/11 17:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/11 17:49:23 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/11 17:49:23 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/11 17:49:23 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/11 17:49:23 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/11 13:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/11 13:52:46 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 13:52:46 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 13:45:45 | 000,000,376 | ---- | M] () -- C:\Users\Raul\AppData\Roamingprivacy.xml
[2012/09/11 13:02:30 | 000,000,648 | ---- | M] () -- C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/09/11 13:02:23 | 000,391,245 | ---- | M] () -- C:\Users\Raul\AppData\Roaming\1.exe
[2012/09/09 17:07:04 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/09/09 17:07:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/09/07 14:00:58 | 000,000,857 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/09/07 14:00:58 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/09/05 16:49:33 | 000,003,339 | ---- | M] () -- C:\Users\Raul\Documents\ax_files.xml
[2012/09/04 14:35:12 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/04 14:35:12 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/26 04:01:01 | 000,274,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/25 16:55:32 | 000,093,160 | ---- | M] (BitDefender LLC) -- C:\Windows\System32\drivers\bdfndisf6.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/11 13:02:30 | 000,000,648 | ---- | C] () -- C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/09/11 13:02:24 | 000,391,245 | ---- | C] () -- C:\Users\Raul\AppData\Roaming\1.exe
[2012/09/09 17:07:04 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/09/07 14:00:58 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/09/07 14:00:58 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/06/01 12:52:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/05/30 11:54:32 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2012/05/29 16:36:40 | 000,000,300 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/29 14:14:25 | 000,000,376 | ---- | C] () -- C:\Users\Raul\AppData\Roamingprivacy.xml
[2012/05/29 14:11:38 | 000,000,385 | ---- | C] () -- C:\Users\Raul\AppData\Roaminguser_gensett.xml
[2012/05/29 14:04:35 | 000,183,532 | ---- | C] () -- C:\ProgramData\1338314522.bdinstall.bin
[2012/05/28 10:18:50 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/05/28 10:18:48 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/05/28 10:18:48 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/05/28 08:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/28 08:48:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/28 08:48:18 | 000,036,877 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 08:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 22:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/21 15:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
========== LOP Check ==========
[2012/09/07 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\BitComet
[2012/05/29 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\Bitdefender
[2012/06/01 00:40:02 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\Doowk
[2012/06/06 07:14:31 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\DVDVideoSoft
[2012/06/06 07:14:07 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/06/03 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\Izryte
[2012/06/03 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\Joify
[2012/09/10 01:53:13 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\Nokia
[2012/06/03 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\PC Suite
[2012/05/29 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\QuickScan
[2012/06/11 14:23:08 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\TeamViewer
[2012/06/10 04:38:16 | 000,000,000 | ---D | M] -- C:\Users\Raul\AppData\Roaming\TuneUp Software
[2012/05/28 08:54:49 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/05/28 10:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS OC Profiles
[2012/05/29 14:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\BDLogging
[2012/05/29 14:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Bitdefender
[2012/06/10 04:27:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/06/07 14:47:39 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/06/07 14:47:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/29 14:20:18 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2012/06/03 08:16:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2012/06/03 08:15:04 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2012/06/03 08:43:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2012/05/30 16:05:42 | 000,000,000 | ---D | M] -- C:\ProgramData\PDVD
[2012/06/01 11:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/07/08 14:04:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/10 04:28:27 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/06/10 04:27:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/09/05 16:15:22 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >