Trojaner-Board - Windows Vista GVU Trojaner

Hallo,

hab mir leider den GVU-Trojaner eingefangen.
Hab Windows Vista. Abgesicherter Modus geht leider auch nicht, nur noch weisser Bildschirm.

Anbei das OLT-Protokoll (reinkopiert, da Anhang nicht moeglich).

Vielen Dank schon mal.

Gruss

==================================================
OTL logfile created on: 5/13/2012 10:29:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 36.62 Gb Total Space | 30.22 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 5.68 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive F: | 45.26 Gb Total Space | 15.12 Gb Free Space | 33.41% Space Free | Partition Type: NTFS
Drive G: | 37.57 Gb Total Space | 25.79 Gb Free Space | 68.63% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2012/05/10 15:28:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto] -- E:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/04 07:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto] -- E:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 07:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto] -- E:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/01/18 18:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/08 04:31:06 | 000,110,592 | ---- | M] (Digital Everywhere) [Auto] -- E:\Program Files\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe -- (FDTvCISvc)
SRV - [2005/09/07 12:18:34 | 000,049,336 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe -- (ehMonitor)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (VMnetAdapter)
DRV - File not found [Kernel | Boot] -- -- (VClone)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/01/08 19:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/08 16:08:08 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 05:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 05:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/02 06:32:26 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- E:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2008/01/18 16:53:28 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/11/02 09:40:42 | 000,061,440 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- E:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2007/11/02 09:40:42 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2007/09/07 08:24:42 | 000,033,664 | ---- | M] (Digital Everywhere) [Kernel | On_Demand] -- E:\Windows\System32\drivers\FireDTV_BDA_DVBS2.sys -- (FireDTV_DVBS2)
DRV - [2007/08/21 22:08:30 | 003,076,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/21 22:08:30 | 003,076,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/06 03:32:00 | 000,046,976 | ---- | M] (Digital Everywhere) [Kernel | On_Demand] -- E:\Windows\System32\drivers\FireDTV_BDA_DVBS_MCE.sys -- (Firesat_Dvbs)
DRV - [2007/06/17 07:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand] -- E:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/05/17 05:41:12 | 000,055,040 | ---- | M] (SUNIX GROUP) [Kernel | On_Demand] -- E:\Windows\System32\drivers\golport.sys -- (GOLPORT)
DRV - [2007/05/17 05:41:00 | 000,016,512 | ---- | M] (SUNIX GROUP) [Kernel | On_Demand] -- E:\Windows\System32\drivers\golcard.sys -- (GOLCARD)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/01/08 04:37:58 | 000,174,592 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/03/17 22:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand] -- E:\Windows\System32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/12/23 06:22:18 | 000,005,685 | R--- | M] () [Kernel | System] -- E:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/12/16 12:41:30 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand] -- E:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/12/16 12:40:04 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand] -- E:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2004/11/26 05:15:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ncfvsbus.sys -- (ncfvsbus)
DRV - [2004/11/08 12:44:16 | 000,039,284 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ttloophe.sys -- (TTLOOPHE)
DRV - [2004/09/13 04:13:20 | 000,065,840 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand] -- E:\Windows\System32\drivers\saa7146n.sys -- (SAA7146n) TT DVB-PCI driver (SAA7146n)
DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 10:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\db2admin_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Markus_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Markus_ON_E\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Markus_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Markus_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Markus_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 130.92.70.251:3124

IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "192.33.90.196"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "192.33.90.196"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.33.90.196"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.33.90.196"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "81.63.140.37"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "81.63.140.37"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "81.63.140.37"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "81.63.140.37"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "81.63.140.37"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: E:\Program Files\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: E:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: E:\Program Files\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/05/10 15:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/06/05 11:30:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.10\Extensions\\Components: D:\PROGRA~1\Mozilla Thunderbird\components\ [2007/04/19 12:11:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.10\Extensions\\Plugins: D:\PROGRA~1\Mozilla Thunderbird\plugins\ [2007/04/19 12:11:05 | 000,000,000 | ---D | M]

[2008/12/25 09:14:01 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2008/12/25 09:14:01 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Markus\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/05/28 04:30:39 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\sk1wyf9h.default\extensions
[2010/12/10 16:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\sk1wyf9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/01/14 13:20:55 | 000,002,382 | ---- | M] () -- E:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\sk1wyf9h.default\searchplugins\dp-suche.xml
[2012/01/28 13:40:12 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/05/10 15:28:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 16:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/01/27 15:15:27 | 000,024,576 | ---- | M] (RealNetworks) -- E:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- E:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/04/07 05:45:44 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/07 05:45:44 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/07 05:45:44 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/07 05:45:44 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/07 05:45:44 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/07 05:45:44 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/02/09 14:37:35 | 000,000,784 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: :78.42.207.129 cooper
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [A2F0dnfEgERcY31] E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Conime] E:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] E:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [tvncontrol] E:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [Windows Defender] E:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\db2admin_ON_E..\Run: [A2F0dnfEgERcY31] E:\Users\db2admin\AppData\Roaming\spoolsrv.exe ()
O4 - HKU\db2admin_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Markus_ON_E..\Run: [A2F0dnfEgERcY31] E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O4 - HKU\Markus_ON_E..\Run: [Eraser] E:\Program Files\Eraser\eraser.exe (Heidi Computers Ltd)
O4 - HKU\Markus_ON_E..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\Markus_ON_E..\Run: [TomTomHOME.exe] File not found
O4 - HKU\Markus_ON_E..\Run: [UpgradeChecker] File not found
O4 - HKU\NetworkService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: E:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Connectivity Framework Lite.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = D:\WINDOWS\Resources\Themes\Royale.theme
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\Markus_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Markus_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Markus_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Markus_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175332830343 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (D:\Users\Markus\AppData\Roaming\spoolsrv.exe) - E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O20 - HKLM Winlogon: UserInit - (D:\Users\Markus\AppData\Roaming\spoolsrv.exe) - E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - File not found
O20 - HKU\db2admin_ON_E Winlogon: Shell - (D:\Users\db2admin\AppData\Roaming\spoolsrv.exe) - E:\Users\db2admin\AppData\Roaming\spoolsrv.exe ()
O20 - HKU\db2admin_ON_E Winlogon: UserInit - (D:\Users\db2admin\AppData\Roaming\spoolsrv.exe) - E:\Users\db2admin\AppData\Roaming\spoolsrv.exe ()
O20 - HKU\db2admin_ON_E Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - File not found
O20 - HKU\Markus_ON_E Winlogon: Shell - (D:\Users\Markus\AppData\Roaming\spoolsrv.exe) - E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O20 - HKU\Markus_ON_E Winlogon: UserInit - (D:\Users\Markus\AppData\Roaming\spoolsrv.exe) - E:\Users\Markus\AppData\Roaming\spoolsrv.exe ()
O20 - HKU\Markus_ON_E Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 14:17:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3010ef7e-1599-11df-bfcd-005056c00008}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{a5057468-4a9a-11dd-b5b6-0018f39c64d5}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\monsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 21:51:24 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2012/05/13 21:51:22 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/05/13 21:18:39 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/05/11 14:47:27 | 001,172,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10warp.dll
[2012/05/11 14:47:27 | 001,069,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\DWrite.dll
[2012/05/11 14:47:27 | 000,683,008 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d2d1.dll
[2012/05/11 14:47:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10_1core.dll
[2012/05/11 14:47:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10_1.dll
[2012/05/11 14:46:08 | 003,602,816 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2012/05/11 14:46:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2012/05/11 14:46:08 | 002,044,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2012/05/10 15:28:23 | 000,000,000 | ---D | C] -- E:\Program Files\Mozilla Maintenance Service
[2012/05/10 15:28:23 | 000,000,000 | ---D | C] -- E:\ProgramData\Mozilla
[2012/04/14 09:14:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2012/04/14 09:14:58 | 001,799,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/04/14 09:14:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/04/14 09:14:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/04/14 09:14:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/04/14 09:14:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2012/04/14 09:14:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2007/01/27 15:15:29 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- E:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2012/05/13 15:27:00 | 000,262,232 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/05/13 15:18:18 | 000,000,736 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 15:18:18 | 000,000,736 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 15:18:14 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/05/13 11:38:48 | 000,642,298 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/05/13 11:38:48 | 000,607,332 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/05/13 11:38:48 | 000,133,220 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/05/13 11:38:48 | 000,109,810 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/05/13 10:39:16 | 000,290,304 | ---- | M] () -- E:\Users\Markus\AppData\Roaming\spoolsrv.exe
[2012/05/11 14:56:07 | 000,084,900 | ---- | M] () -- E:\Users\Markus\Desktop\hd-plus-0139523820121.pdf
[2012/05/10 14:33:30 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2012/05/10 14:33:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/05/13 17:16:29 | 000,000,736 | -H-- | C] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 17:16:29 | 000,000,736 | -H-- | C] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 10:39:20 | 000,290,304 | ---- | C] () -- E:\Users\Markus\AppData\Roaming\spoolsrv.exe
[2012/05/11 14:56:06 | 000,084,900 | ---- | C] () -- E:\Users\Markus\Desktop\hd-plus-0139523820121.pdf
[2011/09/16 16:25:03 | 000,000,041 | -HS- | C] () -- E:\ProgramData\.zreglib
[2010/12/29 14:09:28 | 000,000,000 | ---- | C] () -- E:\Windows\Irremote.ini
[2010/02/14 13:05:55 | 000,000,000 | ---- | C] () -- E:\Windows\System32\cd.dat
[2009/12/30 16:51:47 | 000,012,800 | ---- | C] () -- E:\Windows\System32\EKDeviceServices.dll
[2009/10/30 13:26:46 | 000,097,716 | -H-- | C] () -- E:\Windows\System32\mlfcache.dat
[2009/08/21 12:11:06 | 000,117,248 | ---- | C] () -- E:\Windows\System32\EhStorAuthn.dll
[2009/08/21 12:11:06 | 000,107,612 | ---- | C] () -- E:\Windows\System32\StructuredQuerySchema.bin
[2009/07/04 12:31:22 | 000,000,000 | ---- | C] () -- E:\Windows\CatClient.INI
[2008/12/19 14:09:34 | 000,000,090 | ---- | C] () -- E:\Windows\AlphaCrypt.ini
[2008/11/16 08:59:02 | 000,000,035 | ---- | C] () -- E:\Windows\wcx_ftp.ini
[2008/11/16 08:58:25 | 000,000,280 | ---- | C] () -- E:\Windows\WINCMD.INI
[2008/10/04 05:34:34 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini
[2008/08/02 05:45:35 | 000,018,904 | ---- | C] () -- E:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/26 13:01:38 | 000,152,576 | ---- | C] () -- E:\Windows\System32\ProfOnFo.dll
[2008/05/26 13:01:38 | 000,149,504 | ---- | C] () -- E:\Windows\System32\Profmeas.dll
[2008/05/26 13:01:38 | 000,018,432 | ---- | C] () -- E:\Windows\System32\Profcali.dll
[2008/05/26 13:01:38 | 000,016,384 | ---- | C] () -- E:\Windows\System32\ProDVer.dll
[2008/03/22 14:17:32 | 000,001,723 | ---- | C] () -- E:\Windows\wiso.ini
[2007/12/13 15:01:54 | 000,000,306 | RHS- | C] () -- E:\ProgramData\ntuser.pol
[2007/09/26 18:07:02 | 000,007,680 | ---- | C] () -- E:\Windows\System32\ff_vfw.dll
[2007/08/21 21:29:09 | 003,107,788 | ---- | C] () -- E:\Windows\System32\atiumdva.dat
[2007/08/05 05:35:03 | 000,000,305 | ---- | C] () -- E:\ProgramData\addr_file.html
[2007/07/16 11:37:39 | 000,154,206 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2007/05/31 12:44:37 | 000,012,288 | ---- | C] () -- E:\Windows\System32\drivers\ncfvcom.sys
[2007/04/22 05:36:37 | 000,000,094 | ---- | C] () -- E:\Users\Markus\AppData\Local\fusioncache.dat
[2007/04/22 05:33:48 | 000,019,456 | ---- | C] () -- E:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 12:24:58 | 000,033,676 | ---- | C] () -- E:\Windows\System32\emptyregdb.dat
[2007/04/19 12:02:51 | 000,066,048 | R--- | C] () -- E:\Windows\System32\hcwXDS.dll
[2007/04/19 12:02:28 | 000,005,810 | R--- | C] () -- E:\Windows\System32\drivers\ASACPI.sys
[2007/03/25 05:57:17 | 000,016,354 | ---- | C] () -- E:\Windows\Ascd_log.ini
[2007/03/25 05:56:13 | 000,024,576 | R--- | C] () -- E:\Windows\System32\AsIO.dll
[2007/03/25 05:56:13 | 000,005,685 | R--- | C] () -- E:\Windows\System32\drivers\AsIO.sys
[2007/03/25 05:55:42 | 000,016,316 | ---- | C] () -- E:\Windows\Ascd_tmp.ini
[2007/03/25 05:55:33 | 000,005,824 | ---- | C] () -- E:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/03/24 17:14:19 | 000,006,064 | ---- | C] () -- E:\Windows\System32\d3d9caps.dat
[2007/03/19 13:27:47 | 000,000,403 | ---- | C] () -- E:\Windows\ODBC.INI
[2007/03/15 14:26:20 | 000,000,957 | ---- | C] () -- E:\Windows\PVAStrumento.ini
[2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- E:\Windows\System32\xvidvfw.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- E:\Windows\AviSplitter.INI
[2007/01/27 06:08:03 | 000,003,303 | ---- | C] () -- E:\Windows\tm.ini
[2007/01/27 05:09:18 | 000,000,244 | ---- | C] () -- E:\Windows\BUHL.INI
[2007/01/12 05:30:09 | 000,520,192 | ---- | C] () -- E:\Windows\System32\ati2sgag.exe
[2007/01/12 05:05:21 | 000,006,344 | ---- | C] () -- E:\Windows\HCWPNP.INI
[2007/01/12 04:56:23 | 000,000,082 | ---- | C] () -- E:\Windows\RelictEPG.INI
[2007/01/12 04:34:28 | 000,000,050 | ---- | C] () -- E:\Windows\Winamp.ini
[2007/01/11 18:12:30 | 000,004,619 | ---- | C] () -- E:\Windows\mozver.dat
[2007/01/11 18:04:46 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2007/01/11 17:30:37 | 000,004,161 | ---- | C] () -- E:\Windows\ODBCINST.INI
[2006/11/02 11:33:31 | 000,642,298 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,133,220 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,262,232 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- E:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,332 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,810 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- E:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- E:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2006/02/25 14:09:38 | 000,774,144 | ---- | C] () -- E:\Windows\System32\xvidcore.dll
[2001/10/28 12:42:30 | 000,116,224 | ---- | C] () -- E:\Windows\System32\pdfcmnnt.dll

========== LOP Check ==========

[2007/04/19 12:07:34 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2007/04/19 12:33:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/11 05:48:56 | 000,000,000 | ---D | M] -- E:\ProgramData\AutomatedQA
[2008/03/22 14:18:06 | 000,000,000 | ---D | M] -- E:\ProgramData\Buhl Data Service GmbH
[2007/09/29 09:42:21 | 000,000,000 | ---D | M] -- E:\ProgramData\CMUV
[2008/04/05 17:03:19 | 000,000,000 | ---D | M] -- E:\ProgramData\CodeGear
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2007/04/19 12:33:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2007/04/19 12:08:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\DRM
[2007/09/29 12:07:07 | 000,000,000 | ---D | M] -- E:\ProgramData\DVBViewer GE
[2009/12/30 16:52:25 | 000,000,000 | ---D | M] -- E:\ProgramData\Eastman Kodak Company
[2010/03/09 14:11:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Embarcadero
[2007/04/19 12:33:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2008/05/12 13:55:14 | 000,000,000 | ---D | M] -- E:\ProgramData\FlashFXP
[2007/04/19 12:07:35 | 000,000,000 | ---D | M] -- E:\ProgramData\fun communications
[2009/01/10 10:41:39 | 000,000,000 | ---D | M] -- E:\ProgramData\Graboid Inc
[2011/07/27 14:37:17 | 000,000,000 | ---D | M] -- E:\ProgramData\IBM
[2009/01/10 12:25:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Launcher
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2007/04/19 12:33:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2008/06/06 08:23:33 | 000,000,000 | ---D | M] -- E:\ProgramData\T-Online
[2007/04/19 12:07:36 | 000,000,000 | ---D | M] -- E:\ProgramData\tax
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/02/09 12:40:28 | 000,000,000 | ---D | M] -- E:\ProgramData\TomTom
[2007/04/19 12:33:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/04/07 07:57:46 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 03:29:52 | 000,000,000 | ---D | M] -- E:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/09/14 06:01:59 | 000,000,000 | -H-D | M] -- E:\ProgramData\{7A0BDD12-2C4E-4120-BFFF-7B14DA13BE27}
[2008/04/05 16:59:05 | 000,000,000 | ---D | M] -- E:\ProgramData\{AB3EC276-D261-4943-A921-1CC1C6799AED}
[2008/04/05 17:10:17 | 000,000,000 | -H-D | M] -- E:\ProgramData\{B59CE2E6-B15A-4F23-BD0E-72BF2ADDC3C7}
[2008/04/05 16:59:25 | 000,000,000 | -H-D | M] -- E:\ProgramData\{BB9698C8-6CDB-4A48-90AB-23351A9EB3D0}
[2007/12/22 08:00:01 | 000,000,000 | -H-D | M] -- E:\ProgramData\{F8A40727-EACF-4A3C-98D4-35C3FE65C306}
[2007/05/17 13:50:58 | 000,000,000 | ---D | M] -- E:\ProgramData\~0
[2009/07/04 11:23:40 | 000,000,000 | -H-D | M] -- E:\ProgramData\~1
[2009/07/04 11:23:41 | 000,000,000 | -H-D | M] -- E:\ProgramData\~2
[2010/03/13 05:29:24 | 000,000,000 | -H-D | M] -- E:\ProgramData\~3
[2010/03/13 05:29:24 | 000,000,000 | -H-D | M] -- E:\ProgramData\~4
[2007/05/12 14:08:57 | 000,000,470 | ---- | M] () -- E:\Windows\Tasks\ProgDVB_StartRecord_ATV+_Notting_Hill_12052007_00_57.job
[2007/05/12 14:08:57 | 000,000,356 | ---- | M] () -- E:\Windows\Tasks\ProgDVB_StopRecord_ATV+_Notting_Hill_12052007_05_34.job
[2006/11/02 09:09:53 | 000,000,484 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> E:\Windows:5BEE7793EAE2AF26
< End of report >

Hallo help120513,

===== Punkt 1 =====

Code:

IE - HKU\S-1-5-21-1801674531-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 130.92.70.251:3124

hast Du diesen Proxy bewusst und absichtlich so eingetragen?
130.92.70.251/planetlab01.cnds.unibe.ch IP Address WHOIS | DomainTools.com

===== Punkt 2 =====

Fixen mit OTL

Hiermit fixen wir unnötige oder schädliche Einträge.

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1801674531-299502267-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1801674531-299502267-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1801674531-299502267-839522115-1003\..\SearchScopes\{4D502C4A-1AA6-44AB-8B68-204BF79009AC}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

O4 - HKU\S-1-5-21-1801674531-299502267-839522115-1003..\Run: [UpgradeChecker] D:\Users\Markus\AppData\Roaming\Dropbox\{CEBBD3BF-2A60-4BDD-BE78-18D9A2CE59F2}\UpgradeChecker.exe File not found

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175332830343 (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

 

:Files

ipconfig /flushdns /c

 

:Reg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"

 

:Commands

[emptytemp]

Schließe alle Programme ink. z. B. Verhaltensüberwachung von Antivirus-Programmen.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

===== Punkt 3 =====

Welche Java-Version ist installiert?

Kontrolliere über Systemsteuerung => Programme, welche Java-Version installiert ist.
Falls es nicht Java Version 6 Update 32 ist:
Systemsteuerung => Java => Aktualisierung => Jetzt aktualisieren.

Unter Systemsteuerung => Java => Aktualisierung einstellen:
Benachrichtigung ausgeben => Vor der Installation
Haken bei Automatisch nach Aktualisierung suchen machen und unter Erweitert auf "Wöchentlich" einstellen.

Eventuell vorhandene ältere Versionen von Java über Systemsteuerung => Programme deinstallieren und ggfs. auch im Firefox unter Addons => Erweiterungen die alten Java-Versionen entfernen. Bei Dir sind das:

Java(TM) 6 Update 24
J2SE Runtime Environment 5.0 Update 10
Java(TM) SE Runtime Environment 6 Update 1

Auch die EntwicklerTools müssen aktuell sein.
Wenn Du sie nicht mehr brauchst, bitte deinstallieren.

J2ME Wireless Toolkit 1.0.4_02
Java(TM) SE Development Kit 6 Update 1
Java EE 5 Tools Bundle
Nokia Prototype SDK 4.0 for Java(tm) ME

Die Offline-Version von Java Version 6 Update 31 von Oracle findest Du hier. Achte bei der Installation darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

User mit 64Bit-System sollten die 32Bit-Version installieren. Es hat sich mehrfach gezeigt, dass die 64Bit-Version Probleme bereitet.

Java-Cache leeren

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK

===== Punkt 4 =====

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Zitat:

Filesharing P2P Programme (Internet-Tauschbörsen) wie z. B. BitTorrent, eMule, KaZaa, Morpheus, Shareaza gehören leider zu den unseriösesten Anbietern von Downloads. Es werdennders vorsichtig damit umgehen und die Downloads vor dem Entpacken/Benutzen bei VirusTotal online prüfen lassen! Laut Studien sind 45% der über Tauschbörsen zum Download angebotenen Dateien mit Viren, Trojanern, Würmern oder sonstigen Schädlinge verseucht. Wie sollen die Viren-Programmierer auch sonst ihre Schätzchen verteilen! Hinzu kommt, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind und Du als Nutzer dadurch u. U. verleitet wirst, Straftaten zu begehen!

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich ausschließlich Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren => µTorrent

===== Punkt 5 =====

Scan mit SystemLook

Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden).

Download Mirror #1 - Download Mirror #2

User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista- und Windows 7-User unbedingt mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

::env :filefind explorer.exe userinit.exe
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.