Hilfe!!! GVU - neverending story - wie werde ich den los???

Schiroleba · 18.01.2013, 02:50

Hallo Boardies ...
...ich habe mir auch den GVU Trojaner eingefangen.
Systemwiederherstellung über den abgesicherten Modus funzt nicht - Der Rechner startet immer wieder neu, d.h. ich komme gar nicht in den abgesicherten Modus.
Batch Rstrui.exe über die Wiederherstellungskonsole funzt auch nicht ... das Bild läuft so ca. 1min bis die Eingabeaufforderung wieder erscheint.
Habe auch die Kapersky Rescue Disc probiert über windowsunlocker und vollständigen Scan ... ohne Erfolg ... habe OTL auch probiert ... immer wieder kommt der graue Bildschirm und dann das typische GVU Bild ... könnt ihr mir helfen? Sitze nun mittlerweile seit Stunden an der Lösung des Problems - Bitte ohne "neuaufsetzen" ... Wäre cool, wenn mir jemand helfen könnte ... Gruß Schiroleba

Hier mal das OTL-Logfile

Code:

ATTFilter

OTL logfile created on: 1/18/2013 10:24:37 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
1,023.00 Mb Total Physical Memory | 780.00 Mb Available Physical Memory | 76.00% Memory free
907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76.69 Gb Total Space | 20.89 Gb Free Space | 27.24% Space Free | Partition Type: NTFS
Drive D: | 189.91 Gb Total Space | 48.14 Gb Free Space | 25.35% Space Free | Partition Type: NTFS
Drive E: | 119.61 Mb Total Space | 7.08 Mb Free Space | 5.92% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (xmlprov)
SRV - File not found [On_Demand] --  -- (xControlCOM)
SRV - File not found [Auto] --  -- (WZCSVC)
SRV - File not found [Auto] --  -- (WudfSvc)
SRV - File not found [Auto] --  -- (wuauserv)
SRV - File not found [Auto] --  -- (wscsvc)
SRV - File not found [On_Demand] --  -- (WMPNetworkSvc)
SRV - File not found [On_Demand] --  -- (WmiApSrv)
SRV - File not found [On_Demand] --  -- (WmdmPmSN)
SRV - File not found [Auto] --  -- (winmgmt)
SRV - File not found [Auto] --  -- (WebClient)
SRV - File not found [Auto] --  -- (W32Time)
SRV - File not found [On_Demand] --  -- (VSS)
SRV - File not found [On_Demand] --  -- (UPS)
SRV - File not found [On_Demand] --  -- (upnphost)
SRV - File not found [Auto] --  -- (UleadBurningHelper)
SRV - File not found [Auto] --  -- (TrkWks) Überwachung verteilter Verknüpfungen (Client)
SRV - File not found [Auto] --  -- (Themes)
SRV - File not found [On_Demand] --  -- (TermService)
SRV - File not found [On_Demand] --  -- (TapiSrv)
SRV - File not found [On_Demand] --  -- (SysmonLog)
SRV - File not found [On_Demand] --  -- (SwPrv)
SRV - File not found [Auto] --  -- (stisvc) Windows-Bilderfassung (WIA)
SRV - File not found [On_Demand] --  -- (SSDPSRV)
SRV - File not found [Auto] --  -- (srservice)
SRV - File not found [Auto] --  -- (Spooler)
SRV - File not found [Auto] --  -- (ShellHWDetection)
SRV - File not found [Auto] --  -- (SharedAccess)
SRV - File not found [Auto] --  -- (SENS)
SRV - File not found [Auto] --  -- (seclogon)
SRV - File not found [Auto] --  -- (Schedule)
SRV - File not found [On_Demand] --  -- (SCardSvr)
SRV - File not found [Auto] --  -- (SamSs)
SRV - File not found [On_Demand] --  -- (RSVP)
SRV - File not found [Auto] --  -- (RpcSs) Remoteprozeduraufruf (RPC)
SRV - File not found [On_Demand] --  -- (RpcLocator)
SRV - File not found [Disabled] --  -- (RemoteAccess)
SRV - File not found [On_Demand] --  -- (RDSessMgr)
SRV - File not found [On_Demand] --  -- (RasMan)
SRV - File not found [On_Demand] --  -- (RasAuto)
SRV - File not found [Auto] --  -- (ProtectedStorage)
SRV - File not found [Auto] --  -- (PolicyAgent)
SRV - File not found [Auto] --  -- (PlugPlay)
SRV - File not found [On_Demand] --  -- (ose)
SRV - File not found [On_Demand] --  -- (NtmsSvc)
SRV - File not found [On_Demand] --  -- (NtLmSsp)
SRV - File not found [On_Demand] --  -- (Nla) NLA (Network Location Awareness)
SRV - File not found [Disabled] --  -- (NetTcpPortSharing)
SRV - File not found [On_Demand] --  -- (Netman)
SRV - File not found [On_Demand] --  -- (Netlogon)
SRV - File not found [Disabled] --  -- (NetDDEdsdm)
SRV - File not found [Disabled] --  -- (NetDDE)
SRV - File not found [On_Demand] --  -- (napagent) NAP-Agent (Network Access Protection)
SRV - File not found [On_Demand] --  -- (MSIServer)
SRV - File not found [On_Demand] --  -- (MSDTC)
SRV - File not found [On_Demand] --  -- (mnmsrvc)
SRV - File not found [Auto] --  -- (MGAFGEXE)
SRV - File not found [Disabled] --  -- (Messenger)
SRV - File not found [Auto] --  -- (LmHosts)
SRV - File not found [Auto] --  -- (LanmanWorkstation)
SRV - File not found [Auto] --  -- (LanmanServer)
SRV - File not found [Auto] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand] --  -- (ImapiService)
SRV - File not found [On_Demand] --  -- (idsvc)
SRV - File not found [On_Demand] --  -- (IDriverT)
SRV - File not found [On_Demand] --  -- (HTTPFilter)
SRV - File not found [On_Demand] --  -- (hkmsvc)
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (gusvc)
SRV - File not found [On_Demand] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto] --  -- (GB-PVR Recording Service)
SRV - File not found [On_Demand] --  -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] --  -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] --  -- (EventSystem)
SRV - File not found [Auto] --  -- (Eventlog)
SRV - File not found [Auto] --  -- (ERSvc)
SRV - File not found [On_Demand] --  -- (EapHost)
SRV - File not found [On_Demand] --  -- (Dot3svc) Automatische Konfiguration (verkabelt)
SRV - File not found [Auto] --  -- (Dnscache)
SRV - File not found [On_Demand] --  -- (dmserver)
SRV - File not found [On_Demand] --  -- (dmadmin)
SRV - File not found [Auto] --  -- (Dhcp)
SRV - File not found [Auto] --  -- (DcomLaunch)
SRV - File not found [Auto] --  -- (CryptSvc)
SRV - File not found [On_Demand] --  -- (COMSysApp)
SRV - File not found [On_Demand] --  -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] --  -- (ClipSrv)
SRV - File not found [On_Demand] --  -- (CiSvc)
SRV - File not found [Auto] --  -- (Browser)
SRV - File not found [Auto] --  -- (BITS)
SRV - File not found [On_Demand] --  -- (Autodesk Licensing Service)
SRV - File not found [Auto] --  -- (AudioSrv)
SRV - File not found [On_Demand] --  -- (aspnet_state)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - File not found [Auto] --  -- (AntiVirSchedulerService)
SRV - File not found [On_Demand] --  -- (ALG)
SRV - File not found [Disabled] --  -- (Alerter)
SRV - File not found [On_Demand] --  -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008/04/13 21:22:23 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WudfRd)
DRV - File not found [Kernel | Boot] --  -- (WudfPf)
DRV - File not found [Kernel | On_Demand] --  -- (WSTCODEC)
DRV - File not found [Kernel | System] --  -- (WS2IFSL)
DRV - File not found [Kernel | On_Demand] --  -- (WpdUsb)
DRV - File not found [Adapter | On_Demand] --  -- (Winsock)
DRV - File not found [Kernel | On_Demand] --  -- (Wibukey2)
DRV - File not found [Kernel | Auto] --  -- (WIBUKEY)
DRV - File not found [Kernel | On_Demand] --  -- (wdmaud)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (wceusbsh)
DRV - File not found [Kernel | On_Demand] --  -- (Wanarp)
DRV - File not found [Kernel | Boot] --  -- (VolSnap)
DRV - File not found [Kernel | System] --  -- (VgaSave)
DRV - File not found [Kernel | On_Demand] --  -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] --  -- (usbprint)
DRV - File not found [Kernel | On_Demand] --  -- (usbohci)
DRV - File not found [Kernel | On_Demand] --  -- (usbhub)
DRV - File not found [Kernel | On_Demand] --  -- (usbehci)
DRV - File not found [Kernel | On_Demand] --  -- (usbccgp)
DRV - File not found [Kernel | On_Demand] --  -- (usbaudio) USB-Audiotreiber (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (Update)
DRV - File not found [Kernel | System] --  -- (TermDD)
DRV - File not found [Kernel | On_Demand] --  -- (TDTCP)
DRV - File not found [Kernel | On_Demand] --  -- (TDPIPE)
DRV - File not found [Kernel | System] --  -- (Tcpip)
DRV - File not found [Kernel | On_Demand] --  -- (sysaudio)
DRV - File not found [Kernel | On_Demand] --  -- (swmidi)
DRV - File not found [Kernel | On_Demand] --  -- (swenum)
DRV - File not found [Kernel | On_Demand] --  -- (streamip)
DRV - File not found [Kernel | System] --  -- (ssmdrv)
DRV - File not found [File_System | On_Demand] --  -- (Srv)
DRV - File not found [File_System | Boot] --  -- (sr)
DRV - File not found [Kernel | On_Demand] --  -- (splitter)
DRV - File not found [Kernel | On_Demand] --  -- (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1)
DRV - File not found [Kernel | On_Demand] --  -- (sonypvs1)
DRV - File not found [Kernel | On_Demand] --  -- (SLIP)
DRV - File not found [Kernel | On_Demand] --  -- (siusbmod)
DRV - File not found [Kernel | On_Demand] --  -- (siellif)
DRV - File not found [Kernel | System] --  -- (Sfloppy)
DRV - File not found [Kernel | System] --  -- (Serial)
DRV - File not found [Kernel | On_Demand] --  -- (serenum)
DRV - File not found [Kernel | On_Demand] --  -- (seehcri)
DRV - File not found [Kernel | On_Demand] --  -- (Secdrv)
DRV - File not found [Kernel | On_Demand] --  -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (s3017obex)
DRV - File not found [Kernel | On_Demand] --  -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - File not found [Kernel | On_Demand] --  -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (s3017mdm)
DRV - File not found [Kernel | On_Demand] --  -- (s3017mdfl)
DRV - File not found [Kernel | On_Demand] --  -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (s0017obex)
DRV - File not found [Kernel | On_Demand] --  -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - File not found [Kernel | On_Demand] --  -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (s0017mdm)
DRV - File not found [Kernel | On_Demand] --  -- (s0017mdfl)
DRV - File not found [Kernel | On_Demand] --  -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand] --  -- (RTL8023xp)
DRV - File not found [Kernel | System] --  -- (redbook)
DRV - File not found [Kernel | On_Demand] --  -- (RDPWD)
DRV - File not found [Kernel | System] --  -- (RDPCDD)
DRV - File not found [File_System | System] --  -- (Rdbss)
DRV - File not found [Kernel | On_Demand] --  -- (Raspti) Parallelanschluss (direkt)
DRV - File not found [Kernel | On_Demand] --  -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] --  -- (Rasl2tp) WAN-Miniport (L2TP)
DRV - File not found [Kernel | System] --  -- (RasAcd)
DRV - File not found [Kernel | On_Demand] --  -- (Ptilink)
DRV - File not found [Kernel | System] --  -- (Processor)
DRV - File not found [Kernel | On_Demand] --  -- (PptpMiniport) WAN-Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] --  -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | Boot] --  -- (PCIIde)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | Boot] --  -- (PCI)
DRV - File not found [Kernel | Auto] --  -- (ParVdm)
DRV - File not found [Kernel | Boot] --  -- (PartMgr)
DRV - File not found [Kernel | On_Demand] --  -- (Parport)
DRV - File not found [Kernel | Boot] --  -- (ohci1394)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (nvnetbus)
DRV - File not found [Kernel | On_Demand] --  -- (NVENETFD)
DRV - File not found [Kernel | Boot] --  -- (nv_agp)
DRV - File not found [Kernel | System] --  -- (Null)
DRV - File not found [File_System | System] --  -- (Npfs)
DRV - File not found [Kernel | On_Demand] --  -- (nm)
DRV - File not found [Kernel | On_Demand] --  -- (NIC1394)
DRV - File not found [Kernel | System] --  -- (NetBT)
DRV - File not found [File_System | System] --  -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] --  -- (NDProxy)
DRV - File not found [Kernel | On_Demand] --  -- (NdisWan)
DRV - File not found [Kernel | On_Demand] --  -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] --  -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] --  -- (NdisIP)
DRV - File not found [Kernel | Auto] --  -- (NDISCAPI)
DRV - File not found [Kernel | Boot] --  -- (NDIS)
DRV - File not found [Kernel | On_Demand] --  -- (NABTSFEC)
DRV - File not found [File_System | Boot] --  -- (Mup)
DRV - File not found [Kernel | On_Demand] --  -- (MTXPARH)
DRV - File not found [Kernel | On_Demand] --  -- (MSTEE)
DRV - File not found [Kernel | On_Demand] --  -- (mssmbios)
DRV - File not found [Kernel | On_Demand] --  -- (MSPQM)
DRV - File not found [Kernel | On_Demand] --  -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] --  -- (MSKSSRV)
DRV - File not found [File_System | System] --  -- (Msfs)
DRV - File not found [Kernel | On_Demand] --  -- (MSDV)
DRV - File not found [File_System | System] --  -- (MRxSmb)
DRV - File not found [File_System | On_Demand] --  -- (MRxDAV)
DRV - File not found [Kernel | On_Demand] --  -- (MPE)
DRV - File not found [Kernel | Boot] --  -- (MountMgr)
DRV - File not found [Kernel | On_Demand] --  -- (mouhid)
DRV - File not found [Kernel | System] --  -- (Mouclass)
DRV - File not found [Kernel | On_Demand] --  -- (Modem)
DRV - File not found [Kernel | System] --  -- (mnmdd)
DRV - File not found [Kernel | On_Demand] --  -- (MgaFG)
DRV - File not found [Kernel | On_Demand] --  -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand] --  -- (LMouFlt2)
DRV - File not found [Kernel | On_Demand] --  -- (LHidFlt2)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] --  -- (L8042pr2)
DRV - File not found [Kernel | Boot] --  -- (KSecDD)
DRV - File not found [Kernel | On_Demand] --  -- (kmixer)
DRV - File not found [Kernel | System] --  -- (Kbdclass)
DRV - File not found [Kernel | On_Demand] --  -- (IUAPIWDM) ISDN USB Interface (Ver. 1.10.0021)
DRV - File not found [Kernel | Boot] --  -- (isapnp)
DRV - File not found [Kernel | On_Demand] --  -- (IRENUM)
DRV - File not found [Kernel | System] --  -- (IPSec)
DRV - File not found [Kernel | On_Demand] --  -- (IpNat)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] --  -- (Ip6Fw)
DRV - File not found [Kernel | System] --  -- (Imapi)
DRV - File not found [Kernel | System] --  -- (i8042prt)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (HTTP)
DRV - File not found [Kernel | On_Demand] --  -- (HRCMPA) ISDN Wan driver (Ver. 1.10.0021)
DRV - File not found [Kernel | On_Demand] --  -- (HidUsb)
DRV - File not found [23|25|26]xxx) [Kernel | On_Demand] --  -- (hcwPP2)
DRV - File not found [Kernel | On_Demand] --  -- (hcw88vid)
DRV - File not found [Kernel | On_Demand] --  -- (HCW88TSE)
DRV - File not found [Kernel | On_Demand] --  -- (HCW88BDA)
DRV - File not found [Kernel | Auto] --  -- (Hardlock)
DRV - File not found [Kernel | On_Demand] --  -- (Gpc)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand] --  -- (Gigusb)
DRV - File not found [Kernel | Boot] --  -- (Ftdisk)
DRV - File not found [Recognizer | System] --  -- (Fs_Rec)
DRV - File not found [File_System | Boot] --  -- (FltMgr)
DRV - File not found [Kernel | On_Demand] --  -- (Flpydisk)
DRV - File not found [Kernel | System] --  -- (Fips)
DRV - File not found [Kernel | On_Demand] --  -- (Fdc)
DRV - File not found [Kernel | On_Demand] --  -- (DSDrv4)
DRV - File not found [Kernel | On_Demand] --  -- (drmkaud)
DRV - File not found [Kernel | On_Demand] --  -- (dot4usb)
DRV - File not found [Kernel | On_Demand] --  -- (Dot4Scan)
DRV - File not found [Kernel | On_Demand] --  -- (Dot4Print)
DRV - File not found [Kernel | On_Demand] --  -- (dot4)
DRV - File not found [Kernel | On_Demand] --  -- (DMusic)
DRV - File not found [Kernel | Boot] --  -- (Disk)
DRV - File not found [Kernel | System] --  -- (CINEMSUP)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | System] --  -- (Cdrom)
DRV - File not found [Kernel | System] --  -- (cdrbsvsd)
DRV - File not found [Kernel | System] --  -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] --  -- (CCDECODE)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - File not found [Kernel | Auto] --  -- (CAPI)
DRV - File not found [Kernel | System] --  -- (Beep)
DRV - File not found [Kernel | System] --  -- (avkmgr)
DRV - File not found [Kernel | System] --  -- (avipbb)
DRV - File not found [File_System | Auto] --  -- (avgntflt)
DRV - File not found [Kernel | On_Demand] --  -- (Avc)
DRV - File not found [Kernel | On_Demand] --  -- (audstub)
DRV - File not found [Kernel | On_Demand] --  -- (Atmarpc)
DRV - File not found [Kernel | Boot] --  -- (atapi)
DRV - File not found [Kernel | On_Demand] --  -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] --  -- (Arp1394)
DRV - File not found [Kernel | System] --  -- (AmdK8)
DRV - File not found [Kernel | On_Demand] --  -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - File not found [Kernel | On_Demand] --  -- (aksusb)
DRV - File not found [Kernel | On_Demand] --  -- (akshasp)
DRV - File not found [Kernel | On_Demand] --  -- (AIDA32Driver)
DRV - File not found [Kernel | System] --  -- (AFD)
DRV - File not found [Kernel | On_Demand] --  -- (aec)
DRV - File not found [Kernel | On_Demand] --  -- (actser)
DRV - File not found [Kernel | Boot] --  -- (ACPI)
DRV - File not found [Kernel | On_Demand] --  -- (61883)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:9202;https=localhost:9202;socks=Localhost:9203
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  File not found
 
 
IE - HKU\MATTMER_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\MATTMER_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\MATTMER_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\MATTMER_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\MATTMER_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 81 F1 48 50 89 CA 01  [binary data]
IE - HKU\MATTMER_ON_D\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
IE - HKU\MATTMER_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  File not found
IE - HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.106.168.253:80
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
 
 
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -  File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  File not found
O3 - HKU\MATTMER_ON_D\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} -  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher]  File not found
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [DWQueuedReporting]  File not found
O4 - HKLM..\Run: [IMEKRMIG6.1]  File not found
O4 - HKLM..\Run: [IMJPMIG8.1]  File not found
O4 - HKLM..\Run: [Logitech Utility]  File not found
O4 - HKLM..\Run: [Matrox PowerDesk 8]  File not found
O4 - HKLM..\Run: [QuickTime Task]  File not found
O4 - HKLM..\Run: [SoundMan]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [svñhîst]  File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE]  File not found
O4 - HKU\Administrator_ON_D..\Run: [CTFMON.EXE]  File not found
O4 - HKU\Gast_ON_D..\Run: [CTFMON.EXE]  File not found
O4 - HKU\MATTMER_ON_D..\Run: [ctfmon.exe]  File not found
O4 - HKU\MATTMER_ON_D..\Run: [Facebook Update]  File not found
O4 - HKU\MATTMER_ON_D..\Run: [Sony PC Companion]  File not found
O4 - HKU\MATTMER_ON_D..\Run: [swg]  File not found
O4 - HKU\systemprofile_ON_D..\Run: [CTFMON.EXE]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gast_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file://C:\Programme\AutoCAD LT 2002 Deu\InstFred.ocx (InstaFred)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163595358109 (WUWebControl Class)
O16 - DPF: {64D9B72C-E42A-490E-9181-221E1E035A14} hxxp://www.graphisoft.com/ftp/gdl/webcontrol/GDLCtl.2.0.1.299.cab (GDL Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184153946062 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Programme\AutoCAD LT 2002 Deu\AcDcToday.ocx (AcDcToday-Steuerung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} hxxp://www.lowrance.com/Software/PCSoftware/Install/LMS-480M/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file://C:\Programme\AutoCAD LT 2002 Deu\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} hxxp://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Programme\AutoCAD LT 2002 Deu\AcPreview.ocx (AcPreview-Steuerung)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} -  File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} -  File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} -  File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} -  File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -  File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll -  File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll -  File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll -  File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll -  File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll -  File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll -  File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} -  File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -  File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader -  File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (schannel.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O30 - LSA: Authentication Packages - (msv1_0) -  File not found
O30 - LSA: Security Packages - (kerberos) -  File not found
O30 - LSA: Security Packages - (msv1_0) -  File not found
O30 - LSA: Security Packages - (schannel) -  File not found
O30 - LSA: Security Packages - (wdigest) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/10 09:01:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.ADK -- [ NTFS ]
O32 - AutoRun File - [2005/02/22 16:30:18 | 000,000,068 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/18 00:35:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/17 10:04:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
 
========== Files - Modified Within 30 Days ==========
 
 
========== Files Created - No Company Name ==========
 
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
< End of report >

t'john · 18.01.2013, 13:50

Das System ist in einem sehr schlechten Zustand.

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:9202;https=localhost:9202;socks=Localhost:9203 
IE - HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost 
IE - HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.106.168.253:80 

O4 - HKLM..\Run: [SunJavaUpdateSched] File not found 
O4 - HKLM..\Run: [svñhîst] File not found 
O4 - HKU\.DEFAULT..\Run: [ctfmon.EXE] File not found 
O4 - HKU\Administrator_ON_D..\Run: [ctfmon.EXE] File not found 
O4 - HKU\Gast_ON_D..\Run: [ctfmon.EXE] File not found 
O4 - HKU\MATTMER_ON_D..\Run: [ctfmon.exe] File not found 
O4 - HKU\MATTMER_ON_D..\Run: [swg] File not found 
O4 - HKU\systemprofile_ON_D..\Run: [ctfmon.EXE] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 

:Files

C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP

ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

Schiroleba · 18.01.2013, 17:32

Hi ... Windows startet wieder ... super ... vielen Dank ... hier das logfile

Code:

ATTFilter

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.EXE deleted successfully.
Registry value HKEY_USERS\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.EXE deleted successfully.
Registry value HKEY_USERS\Gast_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.EXE deleted successfully.
Registry value HKEY_USERS\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_USERS\MATTMER_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_USERS\systemprofile_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\MATTMER_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01182013_171450

t'john · 18.01.2013, 18:17

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schiroleba · 18.01.2013, 20:56

Hier das Malwarebytes Logfile ... 5 Funde

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.18.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MATTMER :: BUERO [Administrator]

Schutz: Aktiviert

18.01.2013 18:53:26
MBAM-log-2013-01-18 (20-54-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418984
Laufzeit: 1 Stunde(n), 44 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\ActiveX.DLL (Adware.180Solutions) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\MATTMER\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42\71c98a2a-18562e8d (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Programme\eRightSoft\SUPER\SUPER.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\WINDOWS\system32\asteriskie.exe.vir (PUP.PSWTool.Asterisk) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{33E4861C-56D7-41D5-8323-4038401E38F2}\RP1799\A0218373.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\WINDOWS\assembly\GAC\Desktop(2).ini (Trojan.0access) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\MATTMER\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

(Ende)

das adwcleaner logfile:

Code:

ATTFilter

# AdwCleaner v2.106 - Datei am 18/01/2013 um 20:02:53 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\MATTMER\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Dokumente und Einstellungen\MATTMER\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Programme\AskBarDis
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\DVDVideoSoftTB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskBarDis
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEF11E34-5693-4650-8457-CA934735F11C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\Software\AskBarDis
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AEF11E34-5693-4650-8457-CA934735F11C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9177F4BC-CB48-4457-8DCB-E6F84E74E92C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB03F118-D285-493C-8B4E-51A944870766}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AEF11E34-5693-4650-8457-CA934735F11C}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [6293 octets] - [18/01/2013 21:02:53]

########## EOF - C:\AdwCleaner[S1].txt - [6353 octets] ##########

t'john · 19.01.2013, 15:08

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

danach:

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schiroleba · 19.01.2013, 21:42

Hier das mbar log

Code:

ATTFilter

alwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.19.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: *** [administrator]

19.01.2013 21:37:11
mbar-log-2013-01-19 (21-37-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27541
Time elapsed: 20 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hier das aswMBR Logfile:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 21:53:00
-----------------------------
21:53:00.796    OS Version: Windows 5.1.2600 Service Pack 3
21:53:00.796    Number of processors: 1 586 0x1F00
21:53:00.796    ComputerName: ***  UserName: 
21:53:02.468    Initialize success
21:56:41.328    AVAST engine defs: 13011900
21:57:38.671    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
21:57:38.687    Disk 0 Vendor: Maxtor_6B200M0 BANC1B10 Size: 194481MB BusType: 3
21:57:38.687    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-1f
21:57:38.687    Disk 1 Vendor: ExcelStor_Technology_J680 V32OA60A Size: 78533MB BusType: 3
21:57:38.703    Disk 0 MBR read successfully
21:57:38.734    Disk 0 MBR scan
21:57:38.781    Disk 0 Windows XP default MBR code
21:57:38.781    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       194466 MB offset 63
21:57:38.781    Disk 0 scanning sectors +398267415
21:57:38.875    Disk 0 scanning C:\WINDOWS\system32\drivers
21:58:00.250    Service scanning
21:58:06.125    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 87
21:58:22.312    Modules scanning
21:58:58.734    Disk 0 trace - called modules:
21:58:58.765    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
21:58:58.765    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86efcab8]
21:58:58.765    3 CLASSPNP.SYS[f76cffd7] -> nt!IofCallDriver -> \Device\0000006a[0x86f02f18]
21:58:58.765    5 ACPI.sys[f7545620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x86ef8d98]
21:58:59.265    AVAST engine scan C:\WINDOWS
21:59:23.937    AVAST engine scan C:\WINDOWS\system32
22:03:20.984    AVAST engine scan C:\WINDOWS\system32\drivers
22:03:45.781    AVAST engine scan C:\Dokumente und Einstellungen\***
22:10:20.062    File: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1\201b41-6ddbde6e  **INFECTED** Win32:Rootkit-gen [Rtk]
22:11:18.906    File: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\jar_cache2466850773043742296.tmp  **INFECTED** Win32:Rootkit-gen [Rtk]
22:14:27.265    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:15:04.500    Scan finished successfully
22:24:14.906    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
22:24:14.921    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

t'john · 19.01.2013, 23:19

Combofix hattest du ausgefuehrt? Warum?

Schlechte Nachrichten!

Du hast mehr als eine schwere Infektion auf Deinem Rechner. http://www.trojaner-board.de/56634-rootkits.html
Er ist kompromittiert und ist nicht mehr vertrauenswuerdig. Du solletest von einem sauberen System aus alle deine Passwoerter aendern.
Ich empfehle dir dringendst den PC vom Netz zu trennen und neu aufzusetzen.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.

Hilfe!!! GVU - neverending story - wie werde ich den los???

Plagegeister aller Art und deren Bekämpfung: Hilfe!!! GVU - neverending story - wie werde ich den los???