Log analysis and evaluation: Illegal Windows version trojan, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.03.2012, 13:50 | #1
Hello, I have also caught this virus, where a notice appears over the whole screen claiming that you have an illegal Windows version, etc. I have already got as far with OTLPENet as the point where the program is to be started. A window ("Browse for folder") appears in which I can select C:, drives, etc. However, after confirming I always get the answer "No windows installation found", or words to that effect: no Win 2000 or newer present. Can you help me get OTLPENet to run? Many thanks in advance!
15.03.2012, 13:53 | #2
/// Malware-holic
hi,
open up C:, the Windows folder should be in there; click on it and off you go. If it isn't there, expand the other folders and look for it there.
15.03.2012, 14:02 | #3
hi,
under C: only the "Boot" folder can be opened, and it contains only the folders for the various language outputs. Otherwise only "recycle Bin" and "Systemvalue Information" are on C:
15.03.2012, 14:04 | #4
/// Malware-holic
but under Computer there are surely more folders than Boot; expand them all one after another and look for the Windows folder.

Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
15.03.2012, 14:08 | #5
On D: there is a Windows and an oldWindows folder, but the one you mean should surely be on C:?
Last edited by metalschmidt (15.03.2012 at 14:40)
15.03.2012, 15:31 | #6
It worked with that, here is the report:
OTL Logfile:
Code:
OTL logfile created on: 3/15/2012 4:17:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.31 Mb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive D: | 596.07 Gb Total Space | 289.71 Gb Free Space | 48.60% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/04 11:45:14 | 000,202,752 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/02/23 16:41:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/02 09:32:52 | 000,018,432 | ---- | M] () [Auto] -- D:\Users\Marc Schmidt\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe -- (ReminderFoxUpdater)
SRV - [2011/12/15 09:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 09:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/06 13:01:47 | 000,107,832 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/11/06 13:01:31 | 000,066,872 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 07:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 09:38:06 | 000,068,136 | ---- | M] () [Auto] -- D:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 12:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/19 20:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto] -- D:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 13:53:28 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/15 10:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/15 09:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/11/13 08:29:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2009/11/04 12:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/30 07:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 14:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/19 20:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009/03/19 20:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2012/03/15 08:06:52 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- D:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marc_Schmidt_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Marc_Schmidt_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Marc_Schmidt_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 5E 25 D1 58 C6 CC 01 [binary data]
IE - HKU\Marc_Schmidt_ON_D\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Reg Error: Key error. File not found
IE - HKU\Marc_Schmidt_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marc_Schmidt_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.18.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 09:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 12:44:13 | 000,000,000 | ---D | M]

[2011/10/28 13:31:22 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Extensions
[2012/02/10 10:25:03 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7r1r17en.default\extensions
[2011/10/29 06:25:23 | 000,000,000 | ---D | M] (Winamp Toolbar) -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7r1r17en.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/12/21 11:17:07 | 000,000,000 | ---D | M] (Speed Dial) -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7r1r17en.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2012/02/10 09:25:01 | 000,000,000 | ---D | M] (ReminderFox) -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7r1r17en.default\extensions\addon@reminderfox.org
[2011/10/29 06:25:46 | 000,002,354 | ---- | M] () -- D:\Users\Marc Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7r1r17en.default\searchplugins\aol-web-search.xml
[2012/02/11 07:05:57 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/29 14:38:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012/02/18 09:17:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/30 08:52:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/12/21 01:08:50 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 01:02:40 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 01:08:50 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 01:08:50 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 01:08:50 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 01:08:50 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (ReminderFox) - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - D:\Users\Marc Schmidt\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\Marc_Schmidt_ON_D\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - D:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Marc_Schmidt_ON_D..\Run: [vasja] D:\Users\Marc Schmidt\AppData\Local\Temp\mor.exe ()
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Marc_Schmidt_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Marc_Schmidt_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e2cbc2b3-0185-11e1-acfe-6cf049032296}\Shell - "" = AutoRun
O33 - MountPoints2\{e2cbc2b3-0185-11e1-acfe-6cf049032296}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 07:10:26 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/14 06:52:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2012/03/14 06:52:32 | 001,541,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/14 06:52:32 | 001,170,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2012/03/14 06:52:32 | 001,074,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/14 06:52:32 | 000,902,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2012/03/14 06:52:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2012/03/14 06:52:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2012/03/14 06:52:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2012/03/14 06:52:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2012/03/14 06:52:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2012/03/14 06:51:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/14 06:51:30 | 000,076,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/14 06:51:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/14 06:51:28 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/14 06:51:28 | 000,826,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/12 17:25:38 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat
[2012/03/12 17:25:37 | 000,000,000 | ---D | C] -- D:\Windows\System32\Wat
[2012/03/09 07:30:11 | 000,000,000 | ---D | C] -- D:\Users\Marc Schmidt\Desktop\Bio
[2012/02/16 14:19:26 | 000,509,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntshrui.dll
[2012/02/16 14:18:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\timedate.cpl
[2012/02/16 14:18:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\timedate.cpl
[2012/02/16 14:17:01 | 000,634,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcrt.dll
[2012/02/16 14:16:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/02/16 14:16:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/02/16 14:16:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2012/02/16 14:16:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/02/16 14:16:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2012/02/16 14:16:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/02/16 14:16:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/02/16 14:16:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/02/16 14:16:51 | 000,482,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2012/02/16 14:16:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2012/02/16 14:16:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/02/16 14:16:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/02/16 14:16:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2012/02/16 14:16:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2012/02/16 14:16:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2012/02/16 14:16:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2012/03/15 08:07:10 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/15 08:06:52 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\Windows\gdrv.sys
[2012/03/15 08:06:41 | 3220,037,632 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/14 18:35:34 | 000,015,152 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 18:35:34 | 000,015,152 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 17:24:25 | 000,000,456 | ---- | M] () -- D:\Users\Marc Schmidt\Documents\cc_20120314_222421.reg
[2012/03/14 07:12:46 | 000,027,054 | ---- | M] () -- D:\Users\Marc Schmidt\Documents\cc_20120314_121242.reg
[2012/03/14 07:10:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/14 06:58:25 | 000,288,304 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/13 17:27:06 | 000,616,276 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/13 17:27:06 | 000,580,514 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/13 17:27:06 | 000,122,020 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/13 17:27:06 | 000,098,410 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/13 15:44:28 | 000,000,838 | ---- | M] () -- D:\Users\Marc Schmidt\Documents\cc_20120313_204426.reg
[2012/02/21 18:37:30 | 000,020,626 | ---- | M] () -- D:\Users\Marc Schmidt\Documents\cc_20120221_233726.reg
[2012/02/20 04:11:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/16 18:04:40 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/15 13:53:28 | 000,132,320 | ---- | M] (Avira GmbH) -- D:\Windows\System32\drivers\avipbb.sys
[2012/02/15 02:27:54 | 001,031,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/02/15 01:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll

========== Files Created - No Company Name ==========

[2012/03/14 17:24:23 | 000,000,456 | ---- | C] () -- D:\Users\Marc Schmidt\Documents\cc_20120314_222421.reg
[2012/03/14 07:12:44 | 000,027,054 | ---- | C] () -- D:\Users\Marc Schmidt\Documents\cc_20120314_121242.reg
[2012/03/13 15:44:27 | 000,000,838 | ---- | C] () -- D:\Users\Marc Schmidt\Documents\cc_20120313_204426.reg
[2012/02/21 18:37:27 | 000,020,626 | ---- | C] () -- D:\Users\Marc Schmidt\Documents\cc_20120221_233726.reg
[2011/12/27 11:55:53 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2011/12/21 11:35:42 | 000,000,400 | ---- | C] () -- D:\Windows\ODBC.INI
[2011/11/30 11:25:31 | 000,000,620 | ---- | C] () -- D:\Windows\eReg.dat
[2011/11/06 13:01:40 | 000,107,832 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/11/06 13:01:31 | 002,250,024 | ---- | C] () -- D:\Windows\SysWow64\pbsvc.exe
[2011/11/06 13:01:31 | 000,066,872 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/10/30 13:32:34 | 000,000,010 | ---- | C] () -- D:\Windows\GSetup.ini
[2011/10/30 13:28:18 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2009/08/27 03:04:12 | 000,207,400 | R--- | C] () -- D:\Windows\GSetup.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/28 13:02:51 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/11/13 08:28:28 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/10/28 13:02:51 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/01/06 10:57:53 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/01/06 10:57:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/10/28 13:02:51 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/10/28 13:02:51 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/11/19 05:45:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2011/10/28 13:02:51 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/01/09 14:35:55 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
15.03.2012, 15:57 | #7
/// Malware-holic
hi,
normally C:, but it can of course be installed wherever you like. On your second PC go to Start, Programs, Accessories, Notepad and copy this into it:
Code:
:OTL
O4 - HKU\Marc_Schmidt_ON_D..\Run: [vasja] D:\Users\Marc Schmidt\AppData\Local\Temp\mor.exe ()
:Files
D:\Users\Marc Schmidt\AppData\Local\Temp\mor.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that doesn't work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. Please press the + E key.
edit: in your case D:
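The entry the helper singles out in the fix above is the only autostart in the posted log that runs from the user's Temp folder and carries no company name in its version resource. As an added example (not part of the thread and not part of OTL; the O4 line layout is assumed from the log above), this Python script parses OTL O4 lines, scores each autostart on those two signals plus the per-user hive, and drafts a fix in the same `:OTL` / `:Files` / `:Commands` format the helper used. The sample input is constructed from the O4 lines of the log above.

```python
"""Triage OTL 'O4' autostart entries and draft the matching OTL fix script.

Added example, not part of the forum thread or of OTL itself. It assumes the
O4 line layout seen in the log above:
    O4[:64bit:] - <hive>..\<Run|RunOnce>: [<value name>] <path> (<company>)
or, for a dead entry:
    O4 - <hive>..\<key>: [<value name>] File not found
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the O4 lines from the OTL log posted above.
SAMPLE_O4_LINES = r"""
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Marc_Schmidt_ON_D..\Run: [vasja] D:\Users\Marc Schmidt\AppData\Local\Temp\mor.exe ()
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
""".strip().splitlines()

# "O4[:64bit:] - <hive>..\<key>: [<name>] <rest>"
O4_RE = re.compile(
    r"^(?P<tag>O4(?::64bit:)?) - (?P<hive>[^:]+?)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# "<path> (<company>)" where company may be empty: "... mor.exe ()"
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")

# Folders a standard user can write to; legitimate autostarts very rarely live here.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\", "\\temp\\")
SERVICE_PROFILES = ("LocalService", "NetworkService", ".DEFAULT")


@dataclass
class Autostart:
    tag: str
    hive: str
    key: str
    name: str
    path: Optional[str]      # None when OTL reports "File not found"
    company: Optional[str]   # "" when the binary carries no company name
    raw: str                 # the original log line, reused verbatim in the fix


def parse_o4(lines: List[str]) -> List[Autostart]:
    """Parse the O4 lines of an OTL log; lines that are not O4 entries are skipped."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        path = company = None
        if rest != "File not found":
            t = TARGET_RE.match(rest)
            if t:
                path, company = t.group("path"), t.group("company")
            else:
                path = rest  # no trailing "(company)" field at all
        entries.append(Autostart(m.group("tag"), m.group("hive"), m.group("key"),
                                 m.group("name"), path, company, line.strip()))
    return entries


def score(entry: Autostart) -> List[str]:
    """Return the reasons an entry looks suspicious (empty list = nothing stands out)."""
    if entry.path is None:
        return []  # dead entry: nothing runs, clean-up only
    reasons = []
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable folder")
    if entry.company == "":
        reasons.append("binary carries no company name")
    if entry.hive.startswith("HKU\\") and not entry.hive.split("\\", 1)[1].startswith(SERVICE_PROFILES):
        reasons.append("per-user Run key (no admin rights needed to plant it)")
    return reasons


def triage(lines: List[str], threshold: int = 2) -> List[Tuple[Autostart, List[str]]]:
    """Return the autostarts with at least `threshold` suspicious signals."""
    return [(e, r) for e in parse_o4(lines) if len(r := score(e)) >= threshold]


def build_otl_fix(findings: List[Tuple[Autostart, List[str]]]) -> str:
    """Draft an OTL fix in the thread's format: drop the Run value, delete the file, empty temp, reboot."""
    otl_lines = [e.raw for e, _ in findings]
    files = [e.path for e, _ in findings if e.path]
    return "\n".join([":OTL", *otl_lines, ":Files", *files,
                      ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    hits = triage(SAMPLE_O4_LINES)
    for entry, reasons in hits:
        print(f"SUSPECT [{entry.name}] {entry.path}")
        for reason in reasons:
            print("   -", reason)
    print(build_otl_fix(hits))
```

Run on the sample lines, only the `vasja` entry crosses the threshold (three signals: Temp folder, empty company name, per-user hive), and the drafted fix is the same pair of `:OTL` and `:Files` lines the helper wrote. The "File not found" RunOnce entries score zero on purpose: nothing executes from them, so they are tidy-up, not the infection.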