Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BKA-Trojaner OTL.txt (https://www.trojaner-board.de/134398-bka-trojaner-otl-txt.html)

schwarz. 02.05.2013 20:07
BKA-Trojaner OTL.txt
 
Guten Abend,

mich hat der BKA-Trojaner erwischt und bevor ich meinen Windows neu aufziehe würde ich gerne meine Daten sichern.

Kann der Trojaner auch auf eine externe Festplatte überspringen?

OTL Logfile:
Code:
OTL logfile created on: 5/2/2013 10:46:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 96.00 Mb Total Space | 81.66 Mb Free Space | 85.06% Space Free | Partition Type: FAT32
Drive D: | 55.90 Gb Total Space | 3.86 Gb Free Space | 6.91% Space Free | Partition Type: NTFS
Drive E: | 14.44 Gb Total Space | 6.36 Gb Free Space | 44.07% Space Free | Partition Type: FAT32
Drive F: | 465.66 Gb Total Space | 211.61 Gb Free Space | 45.44% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/27 21:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/22 10:09:37 | 002,787,280 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/03/15 12:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/13 00:29:07 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 07:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 19:20:21 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/23 18:01:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/28 05:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/27 22:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 21:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/26 09:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/21 20:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/04/12 03:09:08 | 000,131,144 | ---- | M] (ABILIS Systems) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AbilisBdaTuner.sys -- (AbilisT) EyeTV DTT Deluxe (2009)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=FC97BC5FF4389A24
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=FC97BC5FF4389A24
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 34 B7 65 20 40 CE 01  [binary data]
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ferdinand_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Hola Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4:  File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/28 15:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Programme\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Programme\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/28 15:28:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Programme\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Programme\plugins
 
[2012/10/23 14:19:25 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ferdinand\AppData\Roaming\Mozilla\Extensions
[2013/04/23 13:27:39 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ferdinand\AppData\Roaming\Mozilla\Firefox\Profiles\agginfl1.default\extensions
[2013/04/23 13:27:09 | 000,000,000 | ---D | M] (HolaSearch) -- D:\Users\Ferdinand\AppData\Roaming\Mozilla\Firefox\Profiles\agginfl1.default\extensions\ffxtlbr@holasearch.com
[2013/04/23 13:27:09 | 000,001,304 | ---- | M] () -- D:\Users\Ferdinand\AppData\Roaming\Mozilla\Firefox\Profiles\agginfl1.default\searchplugins\holasearch.xml
File not found (No name found) --
() (No name found) -- D:\USERS\FERDINAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGGINFL1.DEFAULT\EXTENSIONS\{22F6D978-67CE-4738-9201-D22DF1C32896}.XPI
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (holasearch Helper Object) - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - D:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
O3 - HKLM\..\Toolbar: (Holasearch Toolbar) - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - D:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] D:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [PC Auto Shutdown]  File not found
O4 - HKLM..\Run: [StartCCC]  File not found
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Ferdinand_ON_D..\Run: [AdobeBridge]  File not found
O4 - HKU\Ferdinand_ON_D..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\Ferdinand_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Ferdinand_ON_D..\Run: [Spotify] D:\Users\Ferdinand\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Ferdinand_ON_D..\Run: [Spotify Web Helper] D:\Users\Ferdinand\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Ferdinand_ON_D..\Run: [Steam]  File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Ferdinand_ON_D\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Ferdinand_ON_D\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Ferdinand_ON_D\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Ferdinand_ON_D\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_D\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_D\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_D\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_D\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_D\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_D\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_D\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_D\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 80.69.100.206
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Ferdinand_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Ferdinand_ON_D Winlogon: Shell - (C:\Users\Ferdinand\AppData\Roaming\skype.dat) - D:\Users\Ferdinand\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{fc3a3ba5-1d3f-11e2-9fe8-bc5ff4389a24}\Shell - "" = AutoRun
O33 - MountPoints2\{fc3a3ba5-1d3f-11e2-9fe8-bc5ff4389a24}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/29 18:11:10 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\searchplugins
[2013/04/29 18:11:10 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Extensions
[2013/04/29 17:59:05 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Local\{0E6982B9-3F04-EFCD-868E-C798643DFF9A}
[2013/04/27 18:12:02 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\directx
[2013/04/27 16:31:03 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Local\WarThunder
[2013/04/27 16:31:03 | 000,000,000 | ---D | C] -- D:\ProgramData\WarThunder
[2013/04/27 16:30:33 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013/04/27 16:30:32 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\Documents\My Games
[2013/04/23 13:28:28 | 000,000,000 | ---D | C] -- D:\ProgramData\PDF reDirect
[2013/04/23 13:28:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2013/04/23 13:27:18 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/04/23 13:27:17 | 000,000,000 | ---D | C] -- D:\ProgramData\BrowserProtect
[2013/04/23 13:27:13 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\BabSolution
[2013/04/23 13:27:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\holasearch
[2013/04/23 13:27:01 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- D:\Windows\System32\roboot64.exe
[2013/04/23 13:27:01 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\PerformerSoft
[2013/04/23 13:27:01 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService
[2013/04/23 13:27:01 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\File Scout
[2013/04/23 13:27:00 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013/04/23 13:27:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\PC Performer
[2013/04/23 13:26:55 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\Babylon
[2013/04/23 13:26:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon
[2013/04/23 13:26:44 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Roaming\PDF reDirect
[2013/04/23 13:26:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\PDF reDirect
[2013/04/23 13:26:31 | 007,451,448 | ---- | C] (EXP Systems LLC) -- D:\Users\Ferdinand\Desktop\Install_PDFR_v252.exe
[2013/04/23 13:24:40 | 000,000,000 | ---D | C] -- D:\output
[2013/04/23 13:22:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\JPG2PDF
[2013/04/23 13:13:12 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\Desktop\Neuer Ordner (3)
[2013/04/23 09:41:52 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\Desktop\LVR
[2013/04/14 09:34:27 | 000,000,000 | ---D | C] -- D:\Users\Ferdinand\AppData\Local\ElevatedDiagnostics
[2013/04/10 21:00:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/04/10 21:00:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/04/10 21:00:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/04/10 21:00:29 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/04/10 21:00:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/04/10 21:00:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/04/10 21:00:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/04/10 21:00:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 21:00:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/04/10 21:00:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/04/10 21:00:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/04/10 21:00:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/04/10 21:00:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/04/10 21:00:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/04/10 21:00:27 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/04/10 21:00:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/04/10 21:00:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/04/10 15:44:06 | 003,717,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstscax.dll
[2013/04/10 15:44:06 | 003,217,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstscax.dll
[2013/04/10 15:44:06 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aaclient.dll
[2013/04/10 15:44:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\aaclient.dll
[2013/04/10 15:44:06 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tsgqec.dll
[2013/04/10 15:44:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tsgqec.dll
[2013/04/10 15:44:04 | 005,550,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/04/10 15:44:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 15:44:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 15:44:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/04/10 15:44:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/04/10 15:44:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013/04/03 05:03:11 | 000,000,000 | ---D | C] -- D:\Windows\rescache
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/30 13:08:07 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/04/30 13:08:04 | 000,000,004 | ---- | M] () -- D:\Users\Ferdinand\AppData\Roaming\skype.ini
[2013/04/30 13:07:46 | 2133,397,503 | -HS- | M] () -- D:\hiberfil.sys
[2013/04/30 12:59:59 | 000,021,856 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 12:59:59 | 000,021,856 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 12:57:04 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/04/30 12:57:04 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/04/30 12:57:04 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/04/30 12:57:04 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/04/29 17:29:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/28 09:01:14 | 000,000,284 | ---- | M] () -- D:\Windows\tasks\PC Performer_DEFAULT.job
[2013/04/25 12:19:46 | 094,355,552 | ---- | M] () -- D:\Users\Ferdinand\Desktop\Lebenslauf.rtf
[2013/04/24 16:57:31 | 000,003,563 | ---- | M] () -- D:\Users\Ferdinand\Desktop\Beschreibung.rtf
[2013/04/24 13:27:14 | 000,000,292 | ---- | M] () -- D:\Windows\tasks\PC Performer_UPDATES.job
[2013/04/24 09:44:58 | 000,003,521 | ---- | M] () -- D:\Users\Ferdinand\Documents\Beschreibung.rtf
[2013/04/23 13:28:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2013/04/23 13:27:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013/04/23 13:26:41 | 000,592,120 | ---- | M] () -- D:\Users\Ferdinand\Desktop\pcpholasetup.exe
[2013/04/23 13:26:37 | 007,451,448 | ---- | M] (EXP Systems LLC) -- D:\Users\Ferdinand\Desktop\Install_PDFR_v252.exe
[2013/04/23 13:22:34 | 000,000,510 | ---- | M] () -- D:\Users\Ferdinand\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JPG To PDF Converter.lnk
[2013/04/23 13:22:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\JPG2PDF
[2013/04/18 21:29:45 | 000,288,784 | ---- | M] () -- D:\Users\Ferdinand\Desktop\paK3lGJ.png
[2013/04/18 08:39:24 | 000,214,945 | ---- | M] () -- D:\Users\Ferdinand\Desktop\432076_3534586124543_789852424_n.jpg
[2013/04/10 21:17:27 | 004,893,448 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/04/29 18:07:19 | 000,000,004 | ---- | C] () -- D:\Users\Ferdinand\AppData\Roaming\skype.ini
[2013/04/24 16:57:31 | 000,003,563 | ---- | C] () -- D:\Users\Ferdinand\Desktop\Beschreibung.rtf
[2013/04/24 11:08:02 | 094,355,552 | ---- | C] () -- D:\Users\Ferdinand\Desktop\Lebenslauf.rtf
[2013/04/24 09:44:57 | 000,003,521 | ---- | C] () -- D:\Users\Ferdinand\Documents\Beschreibung.rtf
[2013/04/23 13:27:05 | 000,000,292 | ---- | C] () -- D:\Windows\tasks\PC Performer_UPDATES.job
[2013/04/23 13:27:05 | 000,000,284 | ---- | C] () -- D:\Windows\tasks\PC Performer_DEFAULT.job
[2013/04/23 13:26:31 | 000,592,120 | ---- | C] () -- D:\Users\Ferdinand\Desktop\pcpholasetup.exe
[2013/04/23 13:22:34 | 000,000,510 | ---- | C] () -- D:\Users\Ferdinand\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JPG To PDF Converter.lnk
[2013/04/18 21:29:45 | 000,288,784 | ---- | C] () -- D:\Users\Ferdinand\Desktop\paK3lGJ.png
[2013/04/18 08:39:23 | 000,214,945 | ---- | C] () -- D:\Users\Ferdinand\Desktop\432076_3534586124543_789852424_n.jpg
[2012/12/28 15:27:47 | 000,180,908 | ---- | C] () -- D:\Windows\hpoins29.dat
[2012/12/28 15:27:47 | 000,000,457 | ---- | C] () -- D:\Windows\hpomdl29.dat
[2012/10/23 21:03:34 | 000,090,112 | ---- | C] () -- D:\Users\Ferdinand\AppData\Roaming\skype.dat
[2012/10/23 19:20:22 | 000,189,248 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/10/23 19:20:21 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2012/10/23 14:32:28 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2012/09/27 21:29:54 | 000,204,952 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat
[2012/09/27 21:29:54 | 000,157,144 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat
[2012/05/02 08:58:10 | 000,029,184 | ---- | C] () -- D:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/12/15 17:19:25 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/27 17:06:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Ableton
[2012/10/23 14:31:48 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2012/10/23 09:56:31 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2013/04/23 13:26:55 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/04/23 13:27:17 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect
[2012/10/23 18:01:55 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/10/23 09:56:31 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/11/05 17:38:58 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/11/03 19:38:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2012/10/23 09:56:31 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/04/23 13:27:01 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService
[2012/12/04 12:08:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/10/23 21:39:40 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Auto Shutdown
[2013/04/23 13:28:28 | 000,000,000 | ---D | M] -- D:\ProgramData\PDF reDirect
[2013/04/29 14:51:16 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2012/12/21 13:03:30 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/10/23 09:56:31 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/10/23 19:20:55 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2012/10/23 09:56:31 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/04/27 18:12:32 | 000,000,000 | ---D | M] -- D:\ProgramData\WarThunder
[2013/04/28 09:01:14 | 000,000,284 | ---- | M] () -- D:\Windows\Tasks\PC Performer_DEFAULT.job
[2013/04/24 13:27:14 | 000,000,292 | ---- | M] () -- D:\Windows\Tasks\PC Performer_UPDATES.job
[2013/01/14 07:27:13 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> D:\Users\Ferdinand\Desktop\Studienbescheinung SS 2012.jpeg:3or4kl4x13tuuug3Byamue2s4b
< End of report >
--- --- ---

[/CODE]

t'john 03.05.2013 11:47
:hallo:


Fixen mit OTLpe
  • Starte den unbootbaren Computer erneut mit der OTLPE-CD,
  • warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

  • Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
  • Sollte das mangels Internet-Verbindung nicht möglich sein,
  • kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
  • Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
  • Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:


Code:
:OTL

SRV - [2013/03/22 10:09:37 | 002,787,280 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
O4 - HKU\Ferdinand_ON_D..\Run: [AdobeBridge] File not found
O4 - HKU\Ferdinand_ON_D..\Run: [DAEMON Tools Lite] File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKU\Ferdinand_ON_D Winlogon: Shell - (C:\Users\Ferdinand\AppData\Roaming\skype.dat) - D:\Users\Ferdinand\AppData\Roaming\skype.dat ()
[2012/10/23 21:03:34 | 000,090,112 | ---- | C] () -- D:\Users\Ferdinand\AppData\Roaming\skype.dat
[2013/04/28 09:01:14 | 000,000,284 | ---- | M] () -- D:\Windows\tasks\PC Performer_DEFAULT.job
[2013/04/24 13:27:14 | 000,000,292 | ---- | M] () -- D:\Windows\tasks\PC Performer_UPDATES.job

:Files

ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

schwarz. 03.05.2013 19:08
Total Super!

Es läuft wieder. Hier das logfile.

Code:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserProtect deleted successfully.
D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe moved successfully.
Registry key HKEY_USERS\Ferdinand_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Ferdinand_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll deleted successfully.
D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll moved successfully.
Registry value HKEY_USERS\Ferdinand_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Ferdinand\AppData\Roaming\skype.dat deleted successfully.
D:\Users\Ferdinand\AppData\Roaming\skype.dat moved successfully.
File D:\Users\Ferdinand\AppData\Roaming\skype.dat not found.
D:\Windows\Tasks\PC Performer_DEFAULT.job moved successfully.
D:\Windows\Tasks\PC Performer_UPDATES.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
D:\cmd.bat deleted successfully.
D:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
 
User: Ferdinand
->Temp folder emptied: 206897449 bytes
->Temporary Internet Files folder emptied: 848768097 bytes
->Java cache emptied: 1250182 bytes
->FireFox cache emptied: 426128471 bytes
->Flash cache emptied: 149602 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205620422 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36127342 bytes
 
Total Files Cleaned = 1,645.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05032013_235755

t'john 03.05.2013 20:05
Prima.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

t'john 19.06.2013 07:36
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131