System blockiert durch GVU-Trojaner, Windows 7, schon viel selbst versucht

fjh · 23.01.2013, 00:29

Hallo Gemeinde,

ich habe mir auch so ein blödes Ding eingefangen.

Habe heute einige Stunden erfolglos versucht das Ding los zu werden und bin dabei auf das Trojaner-Board gestoßen. Die üblichen Geschichten, z.B. abgesicherter Start etc. funktionieren leider nicht. Starte ich abgesichert, fährt die Kiste einfach wieder runter.

Eine händische Entfernung via Boot von BartPE scheitert, weil ich nicht weiss, welche Files ich killen muss.

OTL-Boot-CD habe ich schon gebrannt und laufen gelassen. Logfile habe ich mir mal angesehen, sagt mir aber nichts. Kann mir jemand helfen? Wie komme ich nun weiter?

Falls es hilft: Bei hxxp://www.bka-trojaner.de/ sieht mein Trojaner so aus wie die dort 2.04 genannte Version.

Da ich mit dem PC arbeiten muss, wäre ich für Hilfe sehr dankbar.

Grüße

fjh

t'john · 23.01.2013, 11:45

Zitat:

Logfile habe ich mir mal angesehen, sagt mir aber nichts. Kann mir jemand helfen? Wie komme ich nun weiter?

wo ist das Logfile?

fjh · 23.01.2013, 13:03

Hallo zusammen,

Zitat:

Zitat von t'john

wo ist das Logfile?

hier ist die OTL.txt:

Code:

ATTFilter

OTL logfile created on: 1/23/2013 12:10:58 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 1.18 Gb Total Space | 0.51 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
Drive D: | 1.80 Gb Total Space | 0.12 Gb Free Space | 6.54% Space Free | Partition Type: FAT
Drive E: | 465.75 Gb Total Space | 74.40 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive F: | 10.01 Gb Total Space | 3.06 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/01/09 17:02:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/07 12:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/20 06:20:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/18 08:20:52 | 000,428,200 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/18 08:20:50 | 000,340,136 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/15 10:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/21 01:20:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/02 16:01:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/08 00:18:42 | 000,726,288 | ---- | M] () [Auto] -- E:\Program Files\Kommunikation\Netzwerk-Tools\VPN-Client\iked.exe -- (iked)
SRV - [2010/10/08 00:18:42 | 000,541,968 | ---- | M] () [Auto] -- E:\Program Files\Kommunikation\Netzwerk-Tools\VPN-Client\ipsecd.exe -- (ipsecd)
SRV - [2010/10/08 00:18:42 | 000,054,544 | ---- | M] () [Auto] -- E:\Program Files\Kommunikation\Netzwerk-Tools\VPN-Client\dtpd.exe -- (dtpd)
SRV - [2010/09/30 08:16:06 | 002,155,848 | ---- | M] () [Auto] -- E:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/13 19:31:49 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/03/13 17:13:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto] -- E:\Program Files\tools\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/21 22:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto] -- E:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/21 22:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto] -- E:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/21 22:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto] -- E:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/21 21:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto] -- E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 08:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand] -- E:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/30 09:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto] -- E:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/30 09:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto] -- E:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/24 16:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/21 09:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 09:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/08/31 17:32:20 | 000,098,304 | ---- | M] () [Auto] -- E:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/08/31 17:32:16 | 000,106,496 | ---- | M] () [On_Demand] -- E:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/08/31 17:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto] -- E:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/26 09:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 23:00:02 | 000,172,032 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 13:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand] -- E:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/08/06 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/08/06 10:37:08 | 000,424,448 | R--- | M] () [Auto] -- E:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009/08/04 15:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 20:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 04:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto] -- E:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/01 12:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 21:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- E:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/16 03:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/08/11 04:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto] -- E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/09/30 08:39:15 | 000,170,496 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/08/02 11:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/06/18 08:21:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/18 08:21:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/08 16:34:07 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/02 02:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- E:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010/09/02 02:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/08/19 20:43:40 | 000,583,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2010/08/19 20:43:08 | 000,840,704 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2010/06/17 08:10:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/02 12:01:38 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/21 22:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/21 22:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/21 22:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/21 22:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/21 21:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/21 18:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/21 18:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/21 18:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 08:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- E:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/21 21:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 06:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/09/14 23:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 22:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 04:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/08/31 19:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/23 23:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/23 23:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/23 22:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 13:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System] -- E:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/08/18 01:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- E:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
DRV - [2009/07/29 14:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009/07/22 00:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/10 09:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009/07/08 01:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 04:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/07/01 04:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009/06/30 09:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7)
DRV - [2009/06/30 09:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7)
DRV - [2009/06/30 09:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e36gbus.sys -- (e36gbus) F3607gw Mobile Broadband Device driver (Win7)
DRV - [2009/06/30 09:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7)
DRV - [2009/06/29 07:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot] -- E:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/06/29 07:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot] -- E:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/26 07:04:42 | 000,008,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewmassfilter.sys -- (hwmassfilter)
DRV - [2009/06/22 22:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/04/28 21:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/19 23:34:48 | 000,062,592 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- E:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009/03/19 23:34:48 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2008/05/12 04:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System] -- E:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/08/24 12:44:54 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- E:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\franky_ON_E\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\franky\Downloads
IE - HKU\franky_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\franky_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\franky_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\franky_ON_E\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\franky_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\franky_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: E:\Program Files\Multimedia\Video\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: E:\Program Files\Multimedia\Video\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: E:\Program Files\Multimedia\Video\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: E:\Program Files\Multimedia\Video\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: E:\Program Files\Ascendo\DataVault\npapi.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\datavault@ascendo.inc: C:\Program Files\Ascendo\DataVault\firefox [2011/01/28 17:45:14 | 000,000,000 | ---D | M]
 
[2011/12/27 06:16:40 | 000,000,000 | ---D | M] (No name found) -- E:\Users\franky\AppData\Roaming\Mozilla\Extensions
[2011/12/27 06:16:40 | 000,000,000 | ---D | M] (No name found) -- E:\Users\franky\AppData\Roaming\Mozilla\Extensions\{98e95f99-2130-4870-b82a-79d274042e75}
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - E:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - E:\Program Files\Ascendo\DataVault\ie.dll (Ascendo Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\franky_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\franky_ON_E\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\franky_ON_E\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcWin7Hlpr] E:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FingerPrintSoftware] E:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IAAnotif] E:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] E:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] E:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LenVolFx] E:\Windows\LenVolEx.exe (Lenovo)
O4 - HKLM..\Run: [PWMTRV] E:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] E:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\franky_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Save to DataVault - E:\Program Files\Ascendo\DataVault\iemenuext.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - E:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} hxxp://hotzserve.rninet.de/cgi-bin/MxPEG_ActiveX.cab?dummy=5221894 (MxPEG_ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://cam6.jedermann.de/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.240.28/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\franky_ON_E Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\franky_ON_E Winlogon: Shell - (C:\Users\franky\AppData\Roaming\skype.dat) - E:\Users\franky\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9a18d355-b159-11df-95ee-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{9a18d355-b159-11df-95ee-028037ec0200}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9a18d376-b159-11df-95ee-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{9a18d376-b159-11df-95ee-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a18d377-b159-11df-95ee-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{9a18d377-b159-11df-95ee-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a18d38d-b159-11df-95ee-9cc710e46214}\Shell - "" = AutoRun
O33 - MountPoints2\{9a18d38d-b159-11df-95ee-9cc710e46214}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a50532a8-b08b-11df-b9fc-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a50532a8-b08b-11df-b9fc-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a50532b6-b08b-11df-b9fc-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a50532b6-b08b-11df-b9fc-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3517463-df5f-11de-8616-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3517463-df5f-11de-8616-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
O33 - MountPoints2\{d8d0737f-ecc5-11df-894d-ff1f56f3bf50}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d0737f-ecc5-11df-894d-ff1f56f3bf50}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{ec5b5640-b157-11df-99dc-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{ec5b5640-b157-11df-99dc-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\R\Shell - "" = AutoRun
O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/22 17:53:53 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/01/22 17:03:57 | 000,000,000 | ---D | C] -- E:\Users\franky\Desktop\ausgfe
[2013/01/22 17:02:09 | 000,000,000 | ---D | C] -- E:\Users\franky\AppData\Local\Temp
[2013/01/11 05:23:59 | 000,291,840 | ---- | C] (Hewlett-Packard Corporation) -- E:\Windows\System32\hpcpn117.dll
[2013/01/11 05:21:23 | 000,238,080 | ---- | C] (Hewlett-Packard) -- E:\Windows\System32\hpbcoins32.dll
[2013/01/11 05:21:17 | 000,000,000 | ---D | C] -- E:\HP_LaserJet_400_MFP_M425
[2013/01/10 02:16:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2013/01/10 02:16:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2013/01/10 02:16:50 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs
[2013/01/10 02:16:50 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2013/01/10 02:16:50 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2013/01/10 02:16:50 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs
[2013/01/10 02:16:50 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2013/01/10 02:16:50 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs
[2013/01/10 02:16:50 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs
[2013/01/10 02:16:50 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2013/01/10 02:16:50 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs
[2013/01/10 02:16:50 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs
[2013/01/10 02:16:49 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs
[2013/01/10 02:16:49 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs
[2013/01/10 02:16:49 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs
[2013/01/10 02:16:49 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2013/01/09 10:54:26 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/01/09 10:54:26 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/01/09 10:54:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 10:54:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 10:54:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 10:54:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 10:54:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 10:54:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 10:54:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 10:53:39 | 002,344,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/01/09 10:53:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/09 10:51:28 | 000,219,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2013/01/08 09:49:43 | 000,000,000 | ---D | C] -- E:\Program Files\Jedermann-Verlag
[2013/01/08 09:49:38 | 000,266,293 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\temp.002
[2013/01/08 09:49:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\temp.003
[2013/01/08 09:49:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msxml3a.dll
[2013/01/08 09:49:37 | 001,101,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\temp.001
[2013/01/08 09:49:37 | 000,995,383 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\temp.000
[2013/01/08 09:49:37 | 000,163,840 | ---- | C] (The Imaging Source Europe GmbH) -- E:\Windows\System32\TXClasses100.dll
[2013/01/07 10:59:12 | 000,000,000 | ---D | C] -- E:\Praktikumshilfe
[4 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/22 17:04:44 | 000,000,028 | ---- | M] () -- E:\Users\franky\Desktop\test.bat
[2013/01/22 17:04:00 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/01/22 17:03:52 | 000,016,976 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 17:03:52 | 000,016,976 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 17:03:41 | 000,000,004 | ---- | M] () -- E:\Users\franky\AppData\Roaming\skype.ini
[2013/01/22 17:02:11 | 000,001,094 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 17:01:06 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 17:00:41 | 2411,212,800 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/22 11:56:00 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 11:00:00 | 000,000,340 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/01/22 04:43:39 | 000,717,564 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/01/22 04:43:39 | 000,668,538 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/01/22 04:43:39 | 000,155,986 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/01/22 04:43:39 | 000,126,198 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/01/22 02:41:59 | 000,000,410 | ---- | M] () -- E:\Windows\BRWMARK.INI
[2013/01/18 14:42:37 | 000,048,752 | R--- | M] () -- E:\Users\franky\Documents\DataVault.dat
[2013/01/16 15:38:16 | 000,000,053 | ---- | M] () -- E:\Windows\brmx2001.ini
[2013/01/15 12:12:25 | 000,002,269 | ---- | M] () -- E:\Users\franky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 05:02:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/09 17:02:12 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 17:02:12 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/09 11:50:01 | 002,419,272 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/01/08 10:27:20 | 000,001,617 | ---- | M] () -- E:\Users\Public\Desktop\StartCenter BG RCI.lnk
[2013/01/08 10:27:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kompendium Arbeitsschutz
[2012/12/27 07:15:38 | 000,067,584 | ---- | M] () -- E:\Users\franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/22 17:02:53 | 000,000,028 | ---- | C] () -- E:\Users\franky\Desktop\test.bat
[2013/01/22 10:50:35 | 000,000,004 | ---- | C] () -- E:\Users\franky\AppData\Roaming\skype.ini
[2013/01/08 10:27:20 | 000,001,617 | ---- | C] () -- E:\Users\Public\Desktop\StartCenter BG RCI.lnk
[2012/01/15 15:33:20 | 000,065,536 | ---- | C] () -- E:\Windows\IFinst27.exe
[2012/01/10 23:37:02 | 000,045,568 | ---- | C] () -- E:\Users\franky\AppData\Roaming\skype.dat
[2011/09/29 14:16:41 | 000,126,112 | ---- | C] () -- E:\Windows\System32\drivers\vididr.sys
[2011/06/14 17:16:10 | 000,023,112 | ---- | C] () -- E:\Users\franky\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/06/14 16:53:48 | 000,021,861 | ---- | C] () -- E:\Users\franky\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011/06/05 03:56:14 | 000,000,053 | ---- | C] () -- E:\Windows\brmx2001.ini
[2011/06/05 03:56:14 | 000,000,040 | ---- | C] () -- E:\Windows\opt_9070.ini
[2011/06/05 03:55:18 | 000,000,410 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2011/06/05 03:55:18 | 000,000,078 | ---- | C] () -- E:\Windows\BRPP2KA.INI
[2011/06/05 03:55:18 | 000,000,030 | ---- | C] () -- E:\Windows\System32\brss01a.ini
[2011/05/20 01:11:40 | 000,528,384 | ---- | C] () -- E:\Windows\System32\Tx32.dll
[2011/05/20 01:11:40 | 000,000,478 | ---- | C] () -- E:\Windows\System32\ic32.ini
[2011/04/19 03:59:42 | 000,000,902 | ---- | C] () -- E:\Windows\APDFPRP.INI
[2011/01/10 09:02:06 | 000,000,600 | ---- | C] () -- E:\Users\franky\AppData\Local\PUTTY.RND
[2010/12/30 00:14:08 | 000,000,040 | -HS- | C] () -- E:\ProgramData\.zreglib
[2010/09/13 08:49:53 | 000,000,000 | ---- | C] () -- E:\Windows\HPMProp.INI
[2010/09/09 09:24:38 | 000,067,584 | ---- | C] () -- E:\Users\franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 22:18:34 | 000,010,670 | ---- | C] () -- E:\Windows\wincmd.ini
[2010/09/02 19:46:54 | 000,000,051 | ---- | C] () -- E:\Windows\TSetup.INI
[2010/08/04 03:21:05 | 000,000,017 | ---- | C] () -- E:\Users\franky\AppData\Local\resmon.resmoncfg
[2010/06/08 23:40:10 | 000,204,800 | ---- | C] () -- E:\Windows\System32\IVIresizeW7.dll
[2010/06/08 23:40:10 | 000,200,704 | ---- | C] () -- E:\Windows\System32\IVIresizeA6.dll
[2010/06/08 23:40:10 | 000,192,512 | ---- | C] () -- E:\Windows\System32\IVIresizeP6.dll
[2010/06/08 23:40:10 | 000,192,512 | ---- | C] () -- E:\Windows\System32\IVIresizeM6.dll
[2010/06/08 23:40:10 | 000,188,416 | ---- | C] () -- E:\Windows\System32\IVIresizePX.dll
[2010/06/08 23:40:10 | 000,020,480 | ---- | C] () -- E:\Windows\System32\IVIresize.dll
[2009/12/22 17:04:13 | 000,659,200 | ---- | C] () -- E:\Users\franky\AppData\Local\wanancsp.dat
[2009/12/02 20:26:15 | 000,717,564 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/12/02 20:26:15 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/12/02 20:26:15 | 000,155,986 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/12/02 20:26:15 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/12/02 11:42:15 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2009/12/02 11:41:47 | 000,982,220 | ---- | C] () -- E:\Windows\System32\igkrng500.bin
[2009/12/02 11:41:47 | 000,439,300 | ---- | C] () -- E:\Windows\System32\igcompkrng500.bin
[2009/12/02 11:41:47 | 000,134,592 | ---- | C] () -- E:\Windows\System32\igfcg500.bin
[2009/12/02 11:41:47 | 000,092,216 | ---- | C] () -- E:\Windows\System32\igfcg500m.bin
[2009/12/02 11:41:46 | 000,294,912 | ---- | C] () -- E:\Windows\System32\ATIODE.exe
[2009/12/02 11:41:46 | 000,197,655 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2009/12/02 11:41:46 | 000,045,056 | ---- | C] () -- E:\Windows\System32\ATIODCLI.exe
[2009/12/02 11:41:46 | 000,000,542 | ---- | C] () -- E:\Windows\System32\atipblag.dat
[2009/08/31 17:32:20 | 000,098,304 | ---- | C] () -- E:\Windows\System32\DTS.exe
[2009/08/31 17:32:16 | 000,106,496 | ---- | C] () -- E:\Windows\System32\ADMonitor.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 002,419,272 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,668,538 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,126,198 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2009/06/04 09:51:10 | 000,000,542 | ---- | C] () -- E:\Windows\System32\atipblup.dat
[2002/11/08 20:55:41 | 000,090,112 | ---- | C] () -- E:\Windows\AKDeInstall.exe
 
========== LOP Check ==========
 
[2010/07/30 08:34:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2012/11/25 14:11:54 | 000,000,000 | ---D | M] -- E:\ProgramData\AirParrot
[2009/12/21 20:18:00 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/12/02 12:00:15 | 000,000,000 | ---D | M] -- E:\ProgramData\AT&T
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/12/21 20:18:00 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2009/12/21 20:18:00 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/08/12 06:10:18 | 000,000,000 | ---D | M] -- E:\ProgramData\InterVideo
[2010/01/07 18:25:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Lenovo
[2010/03/13 19:42:09 | 000,000,000 | ---D | M] -- E:\ProgramData\Minnetonka Audio Software
[2009/12/22 16:44:08 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2010/12/30 00:15:41 | 000,000,000 | ---D | M] -- E:\ProgramData\SlySoft
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/12/21 20:18:00 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/01/28 17:45:04 | 000,000,000 | ---D | M] -- E:\ProgramData\TEMP
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/12/17 08:58:48 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUpMedia
[2010/06/08 23:38:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Ulead Systems
[2009/12/02 11:55:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2009/12/21 20:18:00 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/03/09 09:21:56 | 000,000,000 | ---D | M] -- E:\ProgramData\WebEx
[2010/05/15 06:26:46 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/12/16 20:59:59 | 000,000,452 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/12/15 06:51:54 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/01/22 11:00:00 | 000,000,340 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1119 bytes -> E:\ProgramData\TEMP:20454B07
< End of report >

Viele Grüße

fjh

t'john · 24.01.2013, 13:31

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\franky_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O20 - HKU\franky_ON_E Winlogon: Shell - (C:\Users\franky\AppData\Roaming\skype.dat) - E:\Users\franky\AppData\Roaming\skype.dat () 


@Alternate Data Stream - 1119 bytes -> E:\ProgramData\Temp:20454B07 
[2013/01/22 17:02:53 | 000,000,028 | ---- | C] () -- E:\Users\franky\Desktop\test.bat 
[2013/01/22 17:03:41 | 000,000,004 | ---- | M] () -- E:\Users\franky\AppData\Roaming\skype.ini 
[2012/01/10 23:37:02 | 000,045,568 | ---- | C] () -- E:\Users\franky\AppData\Roaming\skype.dat 

:Files

C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\franky\*.tmp
C:\Users\franky\AppData\Local\Temp\*.exe
C:\Users\franky\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

fjh · 26.01.2013, 13:40

Hallo t'john,

vielen Dank für Deine prompte Hilfe.

Nachdem ich am nächsten Tag dringend mit der Kiste arbeiten musste, hatte ich einen Kollegen gebeten, die Kiste zu entwanzen. Er arbeitete mit Kapersky Rescue, Disk 10 und hat das irgendwie hingefummelt. Da die Platte recht groß ist, dauerte das aber 14 Stunden, bis alles gescannt war.

Erfreulicherweise fand er die gleichen Files wie Du. Keine Ahnung wie ich mir das Ding trotz aktuellem Avira geangelt habe. Habe jetzt mal JAVA deinstalliert.

Keine Ahnung auch wie Du aus dem recht kyptischen Log genau die richtigen Files rausfinden konntest.

Also nochmal vielen Dank für den tollen Service. Das Trojaner-Board und seine Helfer ist eine tolle Sache.

Grüße

fjh

t'john · 26.01.2013, 19:30

Dein Rechner ist weder sauber noch abgesichert.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

t'john · 26.03.2013, 04:34

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

System blockiert durch GVU-Trojaner, Windows 7, schon viel selbst versucht

Plagegeister aller Art und deren Bekämpfung: System blockiert durch GVU-Trojaner, Windows 7, schon viel selbst versucht