Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Desktop schwarz und alle Programme im Startmenü verschwunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.06.2012, 13:17   #1
Jürg
 
Desktop schwarz und alle Programme im Startmenü verschwunden - Standard

Desktop schwarz und alle Programme im Startmenü verschwunden



Servus Leute,

meine Mom hat sich was eingefangen, also mim PC.

Beschreibung:
Windowos 7 startet normal, nur des Desktpo-Hintergrund ist schwarz und keine Icon bzw Programme mehr am Desktop sowie im Startmenü.
Wenn ich über Umwege den Explorer öffne, kann ich auch keine Daten auf der Festplatte erkennen, es ist also nichts zu sehen.
Ich kann über das Startmenü über "Programme und Dateien durchsuchen" nur interne Windows Programme (wie zB Systemsteuerung oder Netzwerk- und Freigabecenter) offen.
Im Abgesicherten Modus ist das ganz genau so!

Brauche Hilfe allein schaff ich das nicht

Danke

Jürge

Hi Leute,

ich hab in der Zwischenzeit das Board durchforstet und festgestellt das man in meinen Fall vermutlich eine OTLPE-BootCD braucht. Hab ich also schon mal vorbereitet...

nur ich kann den PC damit nicht Booten. Es kommt:

File SETUPREG.HIV could not be loaded.
The errer code is 32768

Setup cannot continue. Press any key to exit.


liegt das an mir, der CD oder dem PC?

danke

Soooo...

Den Scan mit OTLPEhab ich hinbekommen nur leider spuckt er mit nur die OTL.txt aus, die Extras.txt find ich nirgens. Darum hab ich den Scan zweimal ausgeführt:

Versuch 1
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/22/2012 6:20:23 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 815.00 Mb Available Physical Memory | 80.00% Memory free
907.00 Mb Paging File | 851.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75.22 Gb Total Space | 52.74 Gb Free Space | 70.12% Space Free | Partition Type: NTFS
Drive D: | 70.90 Gb Total Space | 70.81 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 2.93 Gb Total Space | 2.89 Gb Free Space | 98.70% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.36 Gb Free Space | 89.81% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/06/16 11:40:58 | 000,113,120 | -H-- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/06 07:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 08:34:28 | 000,185,089 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/13 10:48:18 | 000,108,289 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System] --  -- (avcodldr)
DRV - [2009/11/25 06:19:02 | 000,056,816 | -H-- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:53 | 000,044,032 | -H-- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/06/10 17:19:48 | 009,853,248 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 04:12:20 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 E2 7D 18 3A D1 CC 01  [binary data]
IE - HKU\Jutta_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 11:41:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 04:29:08 | 000,000,000 | -H-D | M]
 
[2010/03/17 14:04:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Extensions
[2012/05/04 02:50:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\yusm587q.default\extensions
[2011/05/30 04:16:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\yusm587q.default\extensions\nostmp
[2010/03/17 14:04:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/06/16 11:40:59 | 000,085,472 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 03:12:04 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/04 03:12:04 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/04 03:12:04 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/04 03:12:04 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/04 03:12:04 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/04 03:12:04 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [kGACsYrmPjUu.exe] C:\ProgramData\kGACsYrmPjUu.exe ()
O4 - HKLM..\Run: [wPRiPBfrACTWLNJ.exe] C:\ProgramData\wPRiPBfrACTWLNJ.exe ()
O4 - HKU\Jutta_ON_C..\Run: [344B5A00]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 23040 = C:\PROGRA~2\LOCALS~1\Temp\msaepf.exe (ZyXEL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Jutta_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/21 09:59:29 | 000,000,000 | -H-D | C] -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/21 09:52:16 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump
[2012/06/21 05:31:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Local Settings
[2012/06/19 02:47:54 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 02:47:54 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 02:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 02:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 02:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 02:46:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 02:46:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 10:32:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 10:32:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 10:32:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 10:32:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 10:31:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/14 10:31:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 10:31:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 10:31:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 05:42:38 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/14 05:42:37 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 05:42:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 05:42:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/12 02:53:38 | 000,000,000 | -H-D | C] -- C:\Users\Jutta\Documents\OneNote-Notizbücher
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/22 11:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 11:06:46 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 07:10:44 | 000,000,679 | -H-- | M] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/22 02:32:18 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-vmZl7rkRJhEoV2r
[2012/06/22 02:32:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-vmZl7rkRJhEoV2
[2012/06/22 02:32:17 | 000,000,655 | -H-- | M] () -- C:\Users\Jutta\Desktop\Data_Recovery.lnk
[2012/06/22 02:32:14 | 000,000,256 | -H-- | M] () -- C:\ProgramData\vmZl7rkRJhEoV2
[2012/06/22 02:29:05 | 000,304,640 | -H-- | M] () -- C:\Users\Jutta\AppData\Local\iibyk.exe
[2012/06/22 02:29:02 | 000,344,824 | -HS- | M] () -- C:\ProgramData\wPRiPBfrACTWLNJ.exe
[2012/06/21 10:04:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 10:04:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:59:15 | 000,253,688 | -H-- | M] () -- C:\ProgramData\vmZl7rkRJhEoV2.exe
[2012/06/21 09:52:07 | 127,576,501 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaillant winSOFT
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/21 08:31:22 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/21 08:31:22 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/21 08:18:32 | 000,344,824 | -HS- | M] () -- C:\ProgramData\kGACsYrmPjUu.exe
[2012/06/15 02:38:44 | 000,308,704 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 10:36:53 | 000,653,928 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/14 10:36:53 | 000,615,810 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 10:36:53 | 000,129,800 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/14 10:36:53 | 000,106,190 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/12 02:53:37 | 000,001,322 | -H-- | M] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012/06/22 07:10:44 | 000,000,679 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/22 02:32:17 | 000,000,655 | -H-- | C] () -- C:\Users\Jutta\Desktop\Data_Recovery.lnk
[2012/06/22 02:31:29 | 000,344,824 | -HS- | C] () -- C:\ProgramData\wPRiPBfrACTWLNJ.exe
[2012/06/22 02:29:05 | 000,304,640 | -H-- | C] () -- C:\Users\Jutta\AppData\Local\iibyk.exe
[2012/06/21 09:59:32 | 000,000,112 | -H-- | C] () -- C:\ProgramData\-vmZl7rkRJhEoV2r
[2012/06/21 09:59:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-vmZl7rkRJhEoV2
[2012/06/21 09:59:26 | 000,000,256 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2
[2012/06/21 09:59:15 | 000,253,688 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2.exe
[2012/06/21 09:52:07 | 127,576,501 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/21 08:20:56 | 000,344,824 | -HS- | C] () -- C:\ProgramData\kGACsYrmPjUu.exe
[2012/06/12 02:53:37 | 000,001,322 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2009/07/14 04:47:43 | 000,653,928 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,129,800 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,308,704 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,615,810 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,190 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/06/11 03:59:46 | 000,070,904 | -H-- | C] () -- C:\Windows\System32\ListLabel13JNI.dll
[2006/07/18 08:51:16 | 005,304,320 | -H-- | C] () -- C:\Windows\System32\digiSealApi.dll
[2000/05/26 05:28:00 | 000,016,183 | -H-- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2012/05/02 14:12:16 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\Dvyitgtks
[2012/05/07 09:50:30 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\TeamViewer
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/06/21 05:31:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Local Settings
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/01/10 03:38:53 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---



Versuch 2
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/22/2012 6:26:24 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 755.00 Mb Available Physical Memory | 74.00% Memory free
907.00 Mb Paging File | 819.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75.22 Gb Total Space | 52.74 Gb Free Space | 70.12% Space Free | Partition Type: NTFS
Drive D: | 70.90 Gb Total Space | 70.81 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 2.93 Gb Total Space | 2.89 Gb Free Space | 98.70% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.36 Gb Free Space | 89.81% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/06/16 11:40:58 | 000,113,120 | -H-- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/06 07:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 08:34:28 | 000,185,089 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/13 10:48:18 | 000,108,289 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System] --  -- (avcodldr)
DRV - [2009/11/25 06:19:02 | 000,056,816 | -H-- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:53 | 000,044,032 | -H-- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/06/10 17:19:48 | 009,853,248 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 04:12:20 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Jutta_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 E2 7D 18 3A D1 CC 01  [binary data]
IE - HKU\Jutta_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 11:41:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 04:29:08 | 000,000,000 | -H-D | M]
 
[2010/03/17 14:04:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Extensions
[2012/05/04 02:50:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\yusm587q.default\extensions
[2011/05/30 04:16:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\yusm587q.default\extensions\nostmp
[2010/03/17 14:04:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/06/16 11:40:59 | 000,085,472 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 03:12:04 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/04 03:12:04 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/04 03:12:04 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/04 03:12:04 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/04 03:12:04 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/04 03:12:04 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [kGACsYrmPjUu.exe] C:\ProgramData\kGACsYrmPjUu.exe ()
O4 - HKLM..\Run: [wPRiPBfrACTWLNJ.exe] C:\ProgramData\wPRiPBfrACTWLNJ.exe ()
O4 - HKU\Jutta_ON_C..\Run: [344B5A00]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 23040 = C:\PROGRA~2\LOCALS~1\Temp\msaepf.exe (ZyXEL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Jutta_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Jutta_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/22 18:24:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/21 09:59:29 | 000,000,000 | -H-D | C] -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/21 09:52:16 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump
[2012/06/21 05:31:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Local Settings
[2012/06/19 02:47:54 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 02:47:54 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 02:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 02:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 02:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 02:46:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 02:46:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 10:32:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 10:32:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 10:32:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 10:32:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 10:31:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/14 10:31:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 10:31:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 10:31:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 05:42:38 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/14 05:42:37 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 05:42:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 05:42:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/12 02:53:38 | 000,000,000 | -H-D | C] -- C:\Users\Jutta\Documents\OneNote-Notizbücher
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/22 11:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 11:06:46 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 07:10:44 | 000,000,679 | -H-- | M] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/22 02:32:18 | 000,000,112 | -H-- | M] () -- C:\ProgramData\-vmZl7rkRJhEoV2r
[2012/06/22 02:32:18 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-vmZl7rkRJhEoV2
[2012/06/22 02:32:17 | 000,000,655 | -H-- | M] () -- C:\Users\Jutta\Desktop\Data_Recovery.lnk
[2012/06/22 02:32:14 | 000,000,256 | -H-- | M] () -- C:\ProgramData\vmZl7rkRJhEoV2
[2012/06/22 02:29:05 | 000,304,640 | -H-- | M] () -- C:\Users\Jutta\AppData\Local\iibyk.exe
[2012/06/22 02:29:02 | 000,344,824 | -HS- | M] () -- C:\ProgramData\wPRiPBfrACTWLNJ.exe
[2012/06/21 10:04:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 10:04:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 09:59:15 | 000,253,688 | -H-- | M] () -- C:\ProgramData\vmZl7rkRJhEoV2.exe
[2012/06/21 09:52:07 | 127,576,501 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/21 08:31:23 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaillant winSOFT
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/21 08:31:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/21 08:31:22 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/21 08:31:22 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/21 08:18:32 | 000,344,824 | -HS- | M] () -- C:\ProgramData\kGACsYrmPjUu.exe
[2012/06/15 02:38:44 | 000,308,704 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 10:36:53 | 000,653,928 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/14 10:36:53 | 000,615,810 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 10:36:53 | 000,129,800 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/14 10:36:53 | 000,106,190 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/12 02:53:37 | 000,001,322 | -H-- | M] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012/06/22 07:10:44 | 000,000,679 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/22 02:32:17 | 000,000,655 | -H-- | C] () -- C:\Users\Jutta\Desktop\Data_Recovery.lnk
[2012/06/22 02:31:29 | 000,344,824 | -HS- | C] () -- C:\ProgramData\wPRiPBfrACTWLNJ.exe
[2012/06/22 02:29:05 | 000,304,640 | -H-- | C] () -- C:\Users\Jutta\AppData\Local\iibyk.exe
[2012/06/21 09:59:32 | 000,000,112 | -H-- | C] () -- C:\ProgramData\-vmZl7rkRJhEoV2r
[2012/06/21 09:59:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-vmZl7rkRJhEoV2
[2012/06/21 09:59:26 | 000,000,256 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2
[2012/06/21 09:59:15 | 000,253,688 | -H-- | C] () -- C:\ProgramData\vmZl7rkRJhEoV2.exe
[2012/06/21 09:52:07 | 127,576,501 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/21 08:20:56 | 000,344,824 | -HS- | C] () -- C:\ProgramData\kGACsYrmPjUu.exe
[2012/06/12 02:53:37 | 000,001,322 | -H-- | C] () -- C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2009/07/14 04:47:43 | 000,653,928 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,129,800 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,308,704 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,615,810 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,190 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/06/11 03:59:46 | 000,070,904 | -H-- | C] () -- C:\Windows\System32\ListLabel13JNI.dll
[2006/07/18 08:51:16 | 005,304,320 | -H-- | C] () -- C:\Windows\System32\digiSealApi.dll
[2000/05/26 05:28:00 | 000,016,183 | -H-- | C] () -- C:\Windows\System32\SELF32.INI
 
========== LOP Check ==========
 
[2012/05/02 14:12:16 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\Dvyitgtks
[2012/05/07 09:50:30 | 000,000,000 | -H-D | M] -- C:\Users\Jutta\AppData\Roaming\TeamViewer
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/06/21 05:31:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Local Settings
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/03/17 13:09:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/01/10 03:38:53 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


Ich hoffe das es schon mal was bringt...

Alt 24.06.2012, 19:04   #2
Jürg
 
Desktop schwarz und alle Programme im Startmenü verschwunden - Standard

Desktop schwarz und alle Programme im Startmenü verschwunden



Hallo Leute,

mein Problem hat sich erledigt. Hab alle Platten formatiert, der PC sollte ja morgen wieder laufen. Da der PC eigentlich nur ein Kaufmännischesprogramm als Client drauf hat installier ich das heut abend nochmal neu.

ich denk das mit Format C: auch alle Schadsoftware vernichtet ist, oder?

Ich bedanke mich trotzdem, da ich bestimmt nicht das letzte mal hier war.
Das Forum ist sehr informativ, macht weiter so.
__________________


Alt 26.08.2012, 02:05   #3
t'john
/// Helfer-Team
 
Desktop schwarz und alle Programme im Startmenü verschwunden - Standard

Desktop schwarz und alle Programme im Startmenü verschwunden



Zitat:
ich denk das mit Format C: auch alle Schadsoftware vernichtet ist, oder?
Am besten vorher Partition loeschen!
__________________
__________________

Alt 07.10.2012, 00:29   #4
t'john
/// Helfer-Team
 
Desktop schwarz und alle Programme im Startmenü verschwunden - Standard

Desktop schwarz und alle Programme im Startmenü verschwunden



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Desktop schwarz und alle Programme im Startmenü verschwunden
abgesicherten, dateien, daten, desktop, desktop schwarz, eingefangen, erkennen, explorer, festplatte, gen, icon, interne, langs, launch, leute, modus, msn deutschland, nichts, platte, programme, schwarz, security scan, servus, starte, startet, systems, systemsteuerung, verschwunden, windows



Ähnliche Themen: Desktop schwarz und alle Programme im Startmenü verschwunden


  1. schwarzer desktop und alle datein + programme verschwunden
    Log-Analyse und Auswertung - 07.10.2012 (26)
  2. Trojaner(?): Festplatte angeblich kaputt, Desktop ist schwarz, Startmenü leer
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (14)
  3. S.M.A.R.T data recovery - Desktop schwarz, Daten versteckt, Startmenü leer
    Log-Analyse und Auswertung - 14.05.2012 (3)
  4. SMART HDD Trojaner eingefangen - Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (25)
  5. TaskManager weg, Desktop/Startmenü leer, Wallpaper schwarz
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  6. SecurityCenter, Desktop schwarz, Startmenü leer...
    Plagegeister aller Art und deren Bekämpfung - 19.01.2012 (3)
  7. Desktop schwarz, Startmenü leer, HDD
    Plagegeister aller Art und deren Bekämpfung - 13.12.2011 (3)
  8. dwl3gina.dll Desktop bleibt nach Login schwarz, aber trotzdem Zugriff auf alle Dateien/Programme...
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (5)
  9. Desktop schwarz, alle Dateien und viele Programme weg, falsche Fehlermeldung
    Log-Analyse und Auswertung - 12.10.2011 (9)
  10. TaskManager weg, Desktop/Startmenü leer, Wallpaper schwarz
    Plagegeister aller Art und deren Bekämpfung - 30.09.2011 (9)
  11. Alle Dateien und Programme weg, Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (19)
  12. Desktop schwarz, Startmenü leer, HDD angeblich kaputt
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (14)
  13. Desktop schwarz, Startmenü leer, HDD
    Plagegeister aller Art und deren Bekämpfung - 07.06.2011 (23)
  14. Nach Virusmeldung Desktop schwarz & Dateien verschwunden
    Log-Analyse und Auswertung - 05.06.2011 (19)
  15. Desktop schwarz. Ordner verschwunden
    Log-Analyse und Auswertung - 24.05.2011 (5)
  16. Nach Trojaner Desktop schwarz Programme und Dateien verschwunden
    Log-Analyse und Auswertung - 23.05.2011 (39)

Zum Thema Desktop schwarz und alle Programme im Startmenü verschwunden - Servus Leute, meine Mom hat sich was eingefangen, also mim PC. Beschreibung: Windowos 7 startet normal, nur des Desktpo-Hintergrund ist schwarz und keine Icon bzw Programme mehr am Desktop sowie - Desktop schwarz und alle Programme im Startmenü verschwunden...
Archiv
Du betrachtest: Desktop schwarz und alle Programme im Startmenü verschwunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.