
Log Analysis and Evaluation: Otlpe


02.03.2012, 21:36   #1
dariiijan

Otlpe

Hello.

I urgently need help... I have read through everything you wrote about OTLPE and tried to use the Fix.txt from the other threads, but somehow it didn't work... Here is my scan:

OTL logfile created on: 3/2/2012 9:32:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 30.65 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 136.83 Gb Free Space | 94.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 06:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 06:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/30 06:28:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/08 11:23:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 11:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/04/15 10:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/21 06:22:52 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/04 16:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 11:35:02 | 000,081,504 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 09:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (hwusbdev)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2011/11/24 09:34:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/06/30 06:28:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 06:28:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/10 01:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/05/11 02:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/05/09 05:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/20 22:14:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/20 22:14:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/20 22:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/14 21:20:48 | 000,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2008/04/14 21:20:38 | 000,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2008/03/21 03:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/29 02:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/16 11:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/12/16 10:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2001/05/07 05:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0908&m=aspire_7730g
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0908&m=aspire_7730g
IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig?hl=de
IE - HKU\Red_Star_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Red_Star_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Red_Star_ON_C\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
IE - HKU\Red_Star_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Red_Star_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/05 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 10:22:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/10 12:44:40 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKU\Red_Star_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Red_Star_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Red_Star_ON_C\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Red_Star_ON_C..\Run: [12022411] File not found
O4 - HKU\Red_Star_ON_C..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\Red_Star_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\Red_Star_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - HKU\Red_Star_ON_C..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: Error locating startup folders.
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Red_Star_ON_C Winlogon: Shell - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Red_Star_ON_C Winlogon: UserInit - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 20:56:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/03/02 20:56:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/29 11:20:39 | 000,305,152 | ---- | C] (Cutting Edge Software Inc.) -- C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe
[2012/02/08 08:28:21 | 000,000,000 | ---D | C] -- C:\Users\Red Star\AppData\Roaming\.minecraft
[2012/02/07 13:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2008/07/22 03:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2012/03/02 15:10:34 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 15:09:08 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/03/02 15:06:33 | 000,042,844 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/02 15:06:33 | 000,042,844 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/02 15:06:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 15:06:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/03/02 15:06:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 15:06:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 11:56:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/29 11:56:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/29 11:56:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/29 11:56:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/29 11:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 11:20:38 | 000,305,152 | ---- | M] (Cutting Edge Software Inc.) -- C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe
[2012/02/20 16:08:19 | 000,002,637 | ---- | M] () -- C:\Users\Red Star\Desktop\Microsoft Office Word 2003.lnk
[2012/02/20 14:48:31 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Red Star.job
[2012/02/19 06:17:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/19 06:09:06 | 000,000,680 | ---- | M] () -- C:\Users\Red Star\AppData\Local\d3d9caps.dat
[2012/02/11 13:05:43 | 001,274,964 | ---- | M] () -- C:\Users\Red Star\Desktop\mcpatcher-2.3.2_01.exe
[2012/02/10 10:47:01 | 000,047,993 | ---- | M] () -- C:\Users\Red Star\Desktop\TooManyItems2012_01_12.zip
[2012/02/07 16:17:39 | 000,270,142 | ---- | M] () -- C:\Users\Red Star\Desktop\Minecraft1.1.exe
[2012/02/06 07:47:43 | 000,089,249 | ---- | M] () -- C:\Users\Red Star\Desktop\ModLoader.zip
[2012/02/06 07:41:31 | 000,059,122 | ---- | M] () -- C:\Users\Red Star\Desktop\mod_thx_helicopter_m1.1_v015-bin.zip

========== Files Created - No Company Name ==========

[2012/02/19 06:09:06 | 000,000,680 | ---- | C] () -- C:\Users\Red Star\AppData\Local\d3d9caps.dat
[2012/02/11 13:05:42 | 001,274,964 | ---- | C] () -- C:\Users\Red Star\Desktop\mcpatcher-2.3.2_01.exe
[2012/02/10 10:47:00 | 000,047,993 | ---- | C] () -- C:\Users\Red Star\Desktop\TooManyItems2012_01_12.zip
[2012/02/07 16:17:37 | 000,270,142 | ---- | C] () -- C:\Users\Red Star\Desktop\Minecraft1.1.exe
[2012/02/06 08:27:26 | 000,089,249 | ---- | C] () -- C:\Users\Red Star\Desktop\ModLoader.zip
[2012/02/06 07:41:30 | 000,059,122 | ---- | C] () -- C:\Users\Red Star\Desktop\mod_thx_helicopter_m1.1_v015-bin.zip
[2011/07/04 07:16:33 | 000,107,976 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/10 13:53:43 | 000,031,007 | ---- | C] () -- C:\Users\Red Star\AppData\Roaming\UserTile.png
[2011/02/05 10:42:15 | 000,233,516 | ---- | C] () -- C:\Windows\hpoins47.dat
[2010/10/09 10:58:04 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/03/31 18:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/03/23 12:41:59 | 000,004,096 | -H-- | C] () -- C:\Users\Red Star\AppData\Local\keyfile3.drm
[2008/12/06 15:45:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/10 11:09:57 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/10 11:09:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/08 11:48:41 | 000,026,624 | ---- | C] () -- C:\Users\Red Star\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 13:17:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/09/13 04:02:34 | 000,042,844 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/13 04:02:22 | 000,042,844 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/09/13 03:28:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/09/13 03:28:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/09/13 03:28:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/04/18 13:25:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/18 04:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/18 04:49:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/18 03:56:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/18 03:52:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/18 03:42:52 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/04/18 03:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/04/18 03:42:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/04/18 03:42:52 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,349,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/12/06 15:08:16 | 000,000,000 | -HSD | M] -- C:\Users\Red Star\AppData\Roaming\.#
[2012/02/19 13:14:24 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\.minecraft
[2008/04/18 04:11:32 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Acer GameZone Console
[2011/06/14 06:33:50 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Babylon
[2008/11/04 08:34:19 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Big Fish Games
[2010/09/10 13:45:47 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/08/25 14:26:04 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\DVDVideoSoft
[2011/08/25 14:18:17 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/12/14 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\eSobi
[2010/01/26 15:35:11 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\FloodLightGames
[2011/06/08 06:25:31 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Program Files
[2009/11/28 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\SPORE
[2011/12/14 12:36:02 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\TuneUp Software
[2011/12/16 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Red Star\AppData\Roaming\Uniblue
[2010/04/27 15:07:25 | 000,000,000 | ---D | M] -- C:\ProgramData\12022411
[2008/04/18 04:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/11/07 10:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2012/02/29 11:28:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/08/10 09:23:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/04/18 04:43:25 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/04/18 04:00:31 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/12/18 10:02:43 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2008/11/03 13:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2008/11/03 12:47:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2011/12/16 12:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2008/11/03 13:41:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/12/18 08:59:58 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011/12/14 12:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2011/01/16 14:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/22 08:43:39 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2011/12/14 12:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/02/07 13:59:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2008/11/03 12:13:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/18 04:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/12/14 12:34:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/06/28 11:34:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/02 15:09:08 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/02/26 06:36:24 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report >


Can someone help me?

Thanks in advance!

Alt 03.03.2012, 15:07   #2
markusg
/// Malware-holic
 
Hi,
on your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste this in:
Code:
:OTL
O4 - HKU\Red_Star_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Red_Star_ON_C Winlogon: Shell - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Red_Star_ON_C Winlogon: UserInit - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
:Files
C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may reboot; if so, take the CD out of the drive. Windows should now start normally and open otl.txt,
please post the log.



Boot into normal mode.

If you have no desktop icons, right-click, View, Show desktop icons.

Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
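As an added example (not part of this thread and not OTL's own code), the following Python script shows how a helper would triage the three kinds of OTL lines the fix above targets: O4 Run entries that launch from a user-writable profile path, O7 policies that lock the user out of the desktop, Task Manager and the registry editor, and O20 Winlogon Shell/UserInit values that no longer point at the Windows defaults (explorer.exe and %SystemRoot%\system32\userinit.exe). The sample input reuses the five lines quoted in the fix and adds four benign lines constructed in OTL's format; the regular expressions assume the line layout shown in this post.

```python
"""Triage OTL O4/O7/O20 persistence lines (added example, not OTL's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the O4/O7/O20 lines quoted in the fix above, plus
# benign lines written for this example in OTL's line format (not from the log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\Red_Star_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Red_Star_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\Red_Star_ON_C Winlogon: Shell - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Red_Star_ON_C Winlogon: UserInit - (C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Red Star\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
"""

# Line patterns, assumed from the layout OTL uses in the post above.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+)$")
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - .+$")
COMPANY_SUFFIX = re.compile(r" \([^()]*\)$")  # OTL's trailing "(Company Name)"

# Windows defaults for the two Winlogon values; anything else is a hijack.
# (UserInit carries a trailing comma in the registry, so accept it.)
WINLOGON_EXPECTED = {
    "Shell": re.compile(r"^explorer\.exe$", re.IGNORECASE),
    "UserInit": re.compile(r"^(?:[a-z]:\\windows\\system32\\)?userinit\.exe,?$", re.IGNORECASE),
}
# Explorer/System policies that, when set to 1, hide the desktop and block
# Task Manager and the registry editor, the usual manual recovery tools.
LOCKOUT_POLICIES = {"NoDesktop", "DisableTaskMgr", "DisableRegistryTools"}
# Autostart binaries under a profile's AppData or a temp folder need no admin rights to plant.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Local Settings)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # OTL section: O4, O7 or O20
    detail: str    # human-readable reason
    line: str      # the offending log line


def strip_company(path: str) -> str:
    """Drop OTL's trailing '(Company Name)' annotation from a resolved path."""
    return COMPANY_SUFFIX.sub("", path.strip())


def analyze(log_text: str) -> list[Finding]:
    """Return the O4/O7/O20 lines that deviate from a clean Windows profile."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            path = strip_company(m.group("path"))
            if USER_WRITABLE.search(path):
                findings.append(Finding("O4", f"Run entry [{m.group('name')}] starts from user-writable path {path}", line))
        elif m := O7_RE.match(line):
            if m.group("value") in LOCKOUT_POLICIES and m.group("data").strip() == "1":
                findings.append(Finding("O7", f"lockout policy {m.group('value')} = 1 under {m.group('key')}", line))
        elif m := O20_RE.match(line):
            value, data = m.group("value"), m.group("data").strip()
            expected = WINLOGON_EXPECTED.get(value)
            if expected is not None and not expected.match(data):
                findings.append(Finding("O20", f"Winlogon {value} replaced by {data}", line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.detail}")
```

Run against the sample, the script reports exactly the six lines the fix removes and stays silent on the Realtek Run entry, the NoDriveTypeAutoRun policy and the HKLM Winlogon defaults. The same three checks are what to look at in the OTL.txt produced after the fix: the O20 lines should be back to explorer.exe and userinit.exe and the three O7 policies should be gone.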