Polizei Virus Österreich

franzfranz · 26.08.2012, 16:15

Hallo,
ich hab den polizei virus und hab jetzt im abgesicherten modus mit netzwerktreibern meinen Weg hierher gefunden.

Den OTL Scan hab ich ausgeführt.

Code:

ATTFilter

OTL logfile created on: 26.08.2012 16:55:29 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Puzili\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 515,54 Mb Available Physical Memory | 50,84% Memory free
2,38 Gb Paging File | 2,10 Gb Available in Paging File | 88,22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 5,34 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive D: | 54,10 Gb Total Space | 32,88 Gb Free Space | 60,77% Space Free | Partition Type: NTFS
 
Computer Name: LADY-LYNCH | User Name: Puzili | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.26 16:34:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Puzili\Desktop\OTL.exe
PRC - [2012.08.26 12:57:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.26 12:57:32 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.12.03 16:04:56 | 006,276,768 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Microsoft Corporation)
SRV - File not found [Auto | Stopped] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2012.08.26 12:57:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.06 11:40:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 23:53:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.08.30 19:10:42 | 001,562,381 | ---- | M] () [Auto | Stopped] -- C:\Programme\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007.02.11 21:37:32 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.10.04 19:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.10.04 19:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.10.04 19:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.06.20 17:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006.01.19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Stopped] -- c:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.05.04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005.03.14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.07.06 11:40:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.06 11:40:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.10.07 10:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.10.07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 10:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 10:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.22 21:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.02.13 16:03:57 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2007.02.11 21:28:14 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006.07.24 10:38:20 | 000,990,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.07.24 10:38:20 | 000,727,808 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.07.24 10:38:20 | 000,208,256 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.07.03 00:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.05.23 01:56:00 | 000,245,248 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.02.21 11:32:32 | 000,226,304 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006.02.08 15:12:00 | 000,217,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006.02.08 15:12:00 | 000,017,792 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.05.26 19:48:50 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004.10.11 19:22:02 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2004.10.11 19:18:58 | 000,022,016 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004.05.05 14:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2004.04.06 15:08:00 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004.04.06 15:07:00 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004.04.06 15:07:00 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000.12.05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000.11.09 21:15:08 | 000,048,896 | R--- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes,DefaultScope = {04EA495B-96D4-40C4-892D-3E084869F025}
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{04EA495B-96D4-40C4-892D-3E084869F025}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{A3F393A5-915F-4AA3-944A-D2DC1FC9F543}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.6
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.01 20:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.26 12:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.26 12:57:37 | 000,000,000 | ---D | M]
 
[2008.08.29 21:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Extensions
[2012.08.22 23:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\extensions
[2009.09.04 19:14:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.06.26 22:37:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.06.26 23:26:02 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\searchplugins\icqplugin.gif
[2010.02.19 23:20:39 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\searchplugins\icqplugin.src
[2012.08.21 22:15:21 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Mozilla\Firefox\Profiles\ocu9v29d.default\searchplugins\icqplugin.xml
[2012.08.26 12:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.26 12:57:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.26 12:57:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.26 12:57:28 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.26 12:57:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.26 12:57:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.26 12:57:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.26 12:57:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Yahoo! Suche (Enabled)
CHR - default_search_provider: search_url = hxxp://at.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008.12.17 21:22:36 | 000,290,363 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Pinnacle WebUpdater] C:\Programme\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe (Pinnacle Systems)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PMCRemote] C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 3] C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [{E44DEB8A-E94B-2380-635F-BFE6E026794C}] "C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Zeisko\lyty.exe" File not found
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [gStart] C:\Garmin\gStart.exe File not found
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [Logitech Vid] C:\Programme\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [PMCS] C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [SsAAD.exe] C:\Programme\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1214440339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171218121828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74BE6924-81F2-4AEF-B36B-0197C6116DE2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74BE6924-81F2-4AEF-B36B-0197C6116DE2}: NameServer = 195.34.133.21,195.34.133.22
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.11 19:33:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{32cbd891-dde4-11df-8e8c-0018de637b97}\Shell\AutoRun\command - "" = H:\Vado\VadoCentral.exe
O33 - MountPoints2\{424a1dc2-eec2-11db-89ff-0018de637b97}\Shell\Auto\command - "" = RavMon.exe e
O33 - MountPoints2\{424a1dc2-eec2-11db-89ff-0018de637b97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{424a1dc2-eec2-11db-89ff-0018de637b97}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell - "" = AutoRun
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell\AutoRun\command - "" = H:\OnSpcLCK.exe
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e3ba0b4b-b5e5-11df-8e83-0018de637b97}\Shell\AutoRun\command - "" = H:\Vado\VadoCentral.exe
O33 - MountPoints2\{f59da5ce-ecda-11de-8d75-0018de637b97}\Shell\AutoRun\command - "" = bzqkuh.exe
O33 - MountPoints2\{f59da5ce-ecda-11de-8d75-0018de637b97}\Shell\explore\Command - "" = bzqkuh.exe
O33 - MountPoints2\{f59da5ce-ecda-11de-8d75-0018de637b97}\Shell\open\Command - "" = bzqkuh.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.26 16:35:13 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Puzili\Desktop\OTL.exe
[2012.08.26 16:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.08.26 12:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012.08.26 12:57:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.26 16:34:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Puzili\Desktop\OTL.exe
[2012.08.26 16:27:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.26 16:26:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.26 16:10:53 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.08.26 16:09:40 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-1214440339-682003330-1004.job
[2012.08.26 16:09:36 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2012.08.26 16:09:35 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.26 16:01:00 | 000,001,613 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.26 15:30:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.26 12:37:11 | 000,049,152 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Puzili\CompiledAdapter
[2012.08.24 16:22:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-1214440339-682003330-1004.job
[2012.08.22 23:43:56 | 000,001,784 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.08.16 15:02:37 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.16 14:59:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.12 12:26:10 | 000,004,993 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Desktop\schlagerparty.JPG
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.26 16:00:59 | 000,001,613 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.26 16:00:51 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.08.12 12:26:21 | 000,004,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\Desktop\schlagerparty.JPG
[2012.05.07 16:14:20 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\RefEdit.exd
[2012.02.16 15:57:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.13 22:47:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.09.13 12:42:32 | 000,106,038 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2011.09.13 12:42:32 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2011.09.13 12:38:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011.07.06 13:13:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2011.07.06 13:13:31 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2011.07.06 13:13:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2011.07.06 13:13:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2011.07.06 13:13:28 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2011.02.16 15:41:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.19 22:05:50 | 000,000,042 | -H-- | C] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\iPodAccessv4_OwnerName
[2009.10.19 22:05:50 | 000,000,042 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iPodAccessv4_OwnerName
[2009.10.19 21:43:14 | 000,000,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\iPod Access v4 Prefs
[2009.10.19 21:39:09 | 000,000,011 | -H-- | C] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\iPodAccess_Time
[2007.04.03 17:05:58 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.02.20 11:02:52 | 000,049,152 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Puzili\CompiledAdapter
[2007.02.15 10:20:22 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MagicPlayDVD.ini
[2007.02.13 16:42:59 | 000,131,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.13 16:24:46 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\.zreglib
[2007.02.13 16:13:19 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007.02.11 20:42:35 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Puzili\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

Hoffe ich hab alles richti gemacht und bitte um Hilfe.

lg
Franz

t'john · 27.08.2012, 03:22

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) 
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) 
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) 
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) 
DRV - File not found [Kernel | System | Stopped] -- -- (Changer) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes,DefaultScope = {04EA495B-96D4-40C4-892D-3E084869F025} 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{04EA495B-96D4-40C4-892D-3E084869F025}: "URL" = http://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{A3F393A5-915F-4AA3-944A-D2DC1FC9F543}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-448539723-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Yahoo" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.6 
FF - prefs.js..keyword.URL: "http://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [{E44DEB8A-E94B-2380-635F-BFE6E026794C}] "C:\Dokumente und Einstellungen\Puzili\Anwendungsdaten\Zeisko\lyty.exe" File not found 
O4 - HKU\S-1-5-21-448539723-1214440339-682003330-1004..\Run: [gStart] C:\Garmin\gStart.exe File not found 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-448539723-1214440339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) 
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) 
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2007.02.11 19:33:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
O33 - MountPoints2\{32cbd891-dde4-11df-8e8c-0018de637b97}\Shell\AutoRun\command - "" = H:\Vado\VadoCentral.exe 
O33 - MountPoints2\{424a1dc2-eec2-11db-89ff-0018de637b97}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{424a1dc2-eec2-11db-89ff-0018de637b97}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e 
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell - "" = AutoRun 
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{70e811f5-d36d-11dd-8c9b-0018de637b97}\Shell\AutoRun\command - "" = H:\OnSpcLCK.exe 
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell - "" = AutoRun 
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{a5b9efb9-8ae4-11dc-8b13-0018de637b97}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a 
O33 - MountPoints2\{e3ba0b4b-b5e5-11df-8e83-0018de637b97}\Shell\AutoRun\command - "" = H:\Vado\VadoCentral.exe 
O33 - MountPoints2\{f59da5ce-ecda-11de-8d75-0018de637b97}\Shell\AutoRun\command - "" = bzqkuh.exe 
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 
[2012.08.26 16:10:53 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad 
[2012.08.26 16:09:40 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-1214440339-682003330-1004.job 
[2012.08.26 16:09:35 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.26 16:01:00 | 000,001,613 | ---- | M] () -- C:\Dokumente und Einstellungen\Puzili\Startmenü\Programme\Autostart\ctfmon.lnk 
[2012.08.26 15:30:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.24 16:22:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-1214440339-682003330-1004.job 
[2011.02.16 15:41:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat 
:Files

C:\Users\Puzili\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Puzili\AppData\Local\Temp\*.exe
C:\Users\Puzili\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

t'john · 13.10.2012, 00:15

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Polizei Virus Österreich

Log-Analyse und Auswertung: Polizei Virus Österreich