Bundespolizeitrojaner (Federal Police trojan) again
18.04.2011, 19:38 | #1
Hello, now it has got me too. When I start OTLPE (freshly downloaded), a small window appears headed "Browse For Folder". "My Computer" is offered. When I then say OK, the message "No windows installations found" appears. I have a Toshiba notebook with Windows Vista. Can anyone help me? Thanks in advance.
Werner
18.04.2011, 19:46 | #2
/// Malware-holic
Under "My Computer", select C: and then Windows.
18.04.2011, 20:03 | #3
It works. Thanks markusg!
I hope you will help me a little further (I am already getting on in years). I now see notify.log, rkill.log and OTL.TXT.
18.04.2011, 20:05 | #4
/// Malware-holic
Sure. But I won't be online much longer today. I would like to have OTL.TXT.
18.04.2011, 20:08 | #5
Here is the rather long text:
OTL Logfile:
Code:
OTL logfile created on: 4/18/2011 9:47:44 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 75.87 Gb Free Space | 54.30% Space Free | Partition Type: NTFS
Drive D: | 138.26 Gb Total Space | 54.89 Gb Free Space | 39.70% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet008

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
SRV - [2011/04/03 13:11:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/10 08:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/12/16 16:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/04/24 04:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/17 14:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 04:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 14:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 07:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 10:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 13:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (TpChoice)
DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/04/03 13:11:40 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 08:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/29 10:16:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 08:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/22 12:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/30 04:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 01:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 01:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 16:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/11/08 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/11 21:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007/07/13 22:30:00 | 000,742,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/15 19:16:20 | 002,602,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/27 14:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/24 08:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 10:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/18 10:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/26 08:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/28 10:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 06:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/08/30 04:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 10:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2005/07/28 02:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\J_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\J_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\J_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\J_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\J_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/12 14:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 11:57:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 11:57:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/11 09:27:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/11 09:27:50 | 000,000,000 | ---D | M]

[2010/09/03 07:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\Mozilla\Extensions
[2010/09/03 07:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/26 11:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\extensions
[2010/08/30 16:43:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/08/30 16:43:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 16:43:49 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\extensions\firefox@tvunetworks.com
[2010/06/08 06:29:10 | 000,000,927 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\conduit.xml
[2010/08/30 16:43:57 | 000,000,687 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icq-search.xml
[2010/09/16 13:22:24 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin-1.xml
[2010/10/20 13:01:32 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin-2.xml
[2010/10/29 17:10:44 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin-3.xml
[2010/12/09 17:20:34 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin-4.xml
[2011/01/07 17:27:37 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin-5.xml
[2010/09/09 15:50:39 | 000,000,950 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\icqplugin.xml
[2008/07/12 04:55:01 | 000,001,196 | ---- | M] () -- C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\nq4h9v2j.default\searchplugins\winamp-search.xml
[2011/04/03 13:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/26 11:56:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/26 11:56:59 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/26 11:56:59 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/26 11:56:59 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/26 11:57:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/26 11:57:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/26 11:57:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\J_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\J_ON_C\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\J_ON_C..\Run: [TOSCDSPD] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\J_ON_C Winlogon: Shell - (C:\Program Files\Mozilla Firefox\null0.42707417480409227.exe) - C:\Program Files\Mozilla Firefox\null0.42707417480409227.exe (Wxpekwgc Nfnsy)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{13531655-81c2-11de-9039-001eec342cce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent
O33 - MountPoints2\{1ac194ad-8389-11df-a133-001eec342cce}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac194ad-8389-11df-a133-001eec342cce}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{fbda87fd-c865-11de-ad1f-001eec342cce}\Shell - "" = AutoRun
O33 - MountPoints2\{fbda87fd-c865-11de-ad1f-001eec342cce}\Shell\AutoRun\command - "" = D:\autorun_ETKA7.2.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 14:03:11 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Malwarebytes
[2011/04/08 14:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 14:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/08 14:02:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/08 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/03 13:16:43 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/04/03 13:15:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/03 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Avira
[2011/04/03 13:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/03 13:09:20 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/03 13:09:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/03 13:09:19 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/03 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/03 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/15 14:58:40 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\J\AppData\Roaming\AcroIEHelpe.dll
[2009/01/30 12:30:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\J\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\J\AppData\Roaming\*.tmp files -> C:\Users\J\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 14:03:34 | 000,003,952 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:03:34 | 000,003,952 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:03:18 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 14:03:17 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011/04/18 14:03:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/18 14:02:27 | 3219,177,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 13:13:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 11:43:12 | 000,633,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/17 11:43:12 | 000,591,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/17 11:43:12 | 000,127,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/17 11:43:12 | 000,105,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/12 16:41:26 | 000,120,320 | ---- | M] () -- C:\Users\J\Documents\Run.xlr
[2011/04/12 16:40:50 | 000,002,633 | ---- | M] () -- C:\Users\J\Desktop\Microsoft Office Excel 2007.lnk
[2011/04/09 17:54:46 | 000,000,136 | ---- | M] () -- C:\ProgramData\~42589960r
[2011/04/09 17:54:46 | 000,000,104 | ---- | M] () -- C:\ProgramData\~42589960
[2011/04/09 05:46:16 | 000,069,120 | ---- | M] () -- C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 14:03:04 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 14:03:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 12:17:24 | 000,000,336 | ---- | M] () -- C:\ProgramData\42589960
[2011/04/08 12:11:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/08 12:11:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/04/08 12:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodei Multimedia Processor
[2011/04/08 12:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/08 12:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVUPlayer
[2011/04/08 12:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba TEMPRO
[2011/04/08 12:11:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/04/08 12:11:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2011/04/08 12:11:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2011/04/08 12:11:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/08 12:11:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/04/08 12:11:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/04/08 12:11:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/04/08 12:11:19 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotomatixPro3
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office-Bibliothek
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/04/08 12:11:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/08 12:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/04/08 12:11:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/04/08 12:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011/04/08 12:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/04/08 12:11:14 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/04/08 12:11:14 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2011/04/08 12:11:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/04/08 12:11:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKA
[2011/04/08 12:11:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011/04/08 12:11:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA
[2011/04/08 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/04/08 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/04/08 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop SMS
[2011/04/08 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/04/08 12:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
[2011/04/08 12:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst-Installationsmanager
[2011/04/08 12:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager
[2011/04/08 12:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/08 12:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP510
[2011/04/08 12:11:11 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/08 12:11:11 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/05 10:57:49 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/04/05 10:57:49 | 000,001,428 | ---- | M] () -- C:\Users\J\Desktop\DivX Movies.lnk
[2011/04/03 13:11:40 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/03 13:09:35 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/03 13:09:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\J\AppData\Roaming\*.tmp files -> C:\Users\J\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 14:03:04 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 12:17:29 | 000,000,136 | ---- | C] () -- C:\ProgramData\~42589960r
[2011/04/08 12:17:29 | 000,000,104 | ---- | C] () -- C:\ProgramData\~42589960
[2011/04/08 12:17:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\42589960
[2011/04/03 13:09:35 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/02 06:57:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/30 12:57:11 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/30 12:57:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/30 12:57:10 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/30 12:57:10 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/30 12:57:09 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/21 10:04:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/29 10:23:23 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2010/06/29 10:21:36 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2010/06/01 06:23:53 | 000,000,363 | ---- | C] () -- C:\Windows\pipeline.ini
[2010/03/11 13:40:19 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/17 11:29:55 | 000,811,040 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/04/14 11:16:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/04/14 11:16:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/04/14 11:16:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/04/14 11:16:41 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/04/14 11:16:41 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/01/30 12:36:26 | 000,000,668 | ---- | C] () -- C:\Users\J\AppData\Roaming\vso_ts_preview.xml
[2009/01/30 12:30:46 | 000,087,608 | ---- | C] () -- C:\Users\J\AppData\Roaming\inst.exe
[2009/01/30 12:30:46 | 000,007,887 | ---- | C] () -- C:\Users\J\AppData\Roaming\pcouffin.cat
[2009/01/30 12:30:46 | 000,001,144 | ---- | C] () -- C:\Users\J\AppData\Roaming\pcouffin.inf
[2009/01/24 07:53:55 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/06 15:20:10 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/16 16:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 16:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/09/02 11:41:38 | 000,000,016 | ---- | C] () -- C:\Users\J\AppData\Roaming\mxfilerelatedcache.mxc2
[2008/09/02 11:41:38 | 000,000,016 | ---- | C] () -- C:\Users\J\AppData\mxfilerelatedcache.mxc2
[2008/09/02 11:41:38 | 000,000,016 | ---- | C] () -- C:\Users\J\AppData\Local\mxfilerelatedcache.mxc2
[2008/08/31 03:29:46 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008/08/27 10:57:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/27 10:57:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/12 07:00:40 | 002,047,416 | ---- | C] () -- C:\Program Files\qip8070.exe
[2008/07/11 08:31:58 | 000,069,120 | ---- | C] () -- C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/09 12:50:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/09 12:50:23 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/09 12:22:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/09 11:07:15 | 029,612,832 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/07/09 09:18:21 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/09 09:18:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/09 09:18:21 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/09 09:18:21 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/31 10:05:10 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/05/31 09:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/31 09:41:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/31 09:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/31 09:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/31 09:41:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/31 09:41:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/31 09:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/31 09:20:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/05/31 08:49:39 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/31 08:49:39 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/31 08:49:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/05/31 08:48:33 | 003,107,788
| ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007/05/31 08:48:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007/05/31 08:48:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007/04/27 04:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006/12/05 07:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 11:33:31 | 000,633,836 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 11:33:31 | 000,127,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,409,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,591,872 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,105,752 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/03/08 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/11/23 07:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005/07/22 15:30:20 | 000,065,536 | ---- | C] () -- 
C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2009/06/13 06:12:24 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Amazon [2008/07/13 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Azureus [2010/07/21 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Canneverbe Limited [2009/07/10 05:32:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Canon [2010/06/29 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DAEMON Tools Lite [2009/11/03 06:51:11 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DAEMON Tools Pro [2008/12/26 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DeepBurner [2009/07/21 14:41:43 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Duden [2010/02/14 05:57:55 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\elsterformular [2009/08/05 10:30:06 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\GARMIN [2009/01/04 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\ICQLite [2010/04/28 10:48:39 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\IrfanView [2010/03/12 09:40:36 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\JonDo [2011/03/15 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\kock [2009/01/09 09:48:26 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Leadertech [2010/10/02 05:47:32 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\MAGIX [2009/12/31 09:20:35 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\PeerNetworking [2009/09/05 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Sony [2010/09/03 07:56:07 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Thunderbird [2008/09/28 13:28:20 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\TOSHIBA [2009/02/27 09:48:12 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\TuneUp Software [2011/03/21 12:15:53 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\UAs [2011/03/27 
16:30:04 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\uTorrent [2010/04/28 13:44:29 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Vso [2011/03/21 12:18:10 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\xmldm [2008/07/09 10:31:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2008/07/11 09:53:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus [2009/07/21 14:39:34 | 000,000,000 | ---D | M] -- C:\ProgramData\BIFAB [2010/07/21 10:05:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2008/07/09 12:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonBJ [2010/06/29 10:15:35 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2009/11/03 06:43:54 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro [2011/02/26 18:05:37 | 000,000,000 | ---D | M] -- C:\ProgramData\dEeEaMk06504 [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/07/09 10:31:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/02/14 05:55:22 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular [2008/07/09 10:31:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/01/04 14:13:01 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2008/07/17 10:48:15 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage [2010/10/02 05:44:36 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2009/07/20 13:52:58 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft [2009/09/05 13:28:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/07/09 10:31:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2008/07/09 
10:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2008/07/09 10:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2009/02/27 09:47:40 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2007/05/31 09:40:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2007/05/31 09:25:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista64 [2008/07/09 10:31:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2009/01/31 13:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk [2007/05/31 09:25:52 | 000,000,000 | ---D | M] -- C:\ProgramData\XP [2010/04/12 16:13:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/02/27 09:46:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/14 16:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/19 06:44:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/04/18 13:03:48 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
18.04.2011, 20:23 | #6 |
/// Malware-holic | Erneut Bundespolizeitrojaner On your second PC go to Start, Programs, Accessories, Notepad, and paste this in there: Code:
:OTL
O20 - HKU\J_ON_C Winlogon: Shell - (C:\Program Files\Mozilla Firefox\null0.42707417480409227.exe) - C:\Program Files\Mozilla Firefox\null0.42707417480409227.exe (Wxpekwgc Nfnsy)
:Files
C:\Program Files\Mozilla Firefox\null0.42707417480409227.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (so boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may reboot. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. Open Computer, open C:, then _OTL, right-click on "moved files" there and choose "add to moved files.rar or zip". Upload the archive following the guide: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ --> Erneut Bundespolizeitrojaner |
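Added here as an illustration, not code from the thread or from OTL's author: a small Python check that reads OTL's O20 Winlogon lines, flags any Shell or UserInit value whose executable is not the expected explorer.exe / userinit.exe, and lays out a fix in the same :OTL / :Files / :Commands form as the one posted above. The log lines are constructed; the second mirrors the hijacked entry from this thread, and the expected-executable baseline is an assumption of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of OTL "O20" Winlogon lines. The second line mirrors the
# hijacked entry quoted in the thread; the other two are typical clean values.
SAMPLE_LOG = """\
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20 - HKU\\J_ON_C Winlogon: Shell - (C:\\Program Files\\Mozilla Firefox\\null0.42707417480409227.exe) - C:\\Program Files\\Mozilla Firefox\\null0.42707417480409227.exe (Wxpekwgc Nfnsy)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe,) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)
"""

# One O20 line: hive, value name, registry data, resolved file, company name.
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)"
    r" - (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

# Executables that belong in these Winlogon values on a clean Vista/7 system
# (assumed baseline for this example; anything else is worth a look).
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}


def parse_o20(log_text):
    """Return one dict per O20 Winlogon line, keeping the raw line as well."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["raw"] = line
            entries.append(entry)
    return entries


def find_hijacks(entries):
    """Flag entries whose executables are not in the expected set."""
    findings = []
    for e in entries:
        allowed = EXPECTED.get(e["value"].lower())
        if allowed is None:
            continue  # no baseline for this value name
        # The registry data may list several comma-separated commands.
        names = {PureWindowsPath(p.strip()).name.lower()
                 for p in e["data"].split(",") if p.strip()}
        if not names <= allowed:
            findings.append(e)
    return findings


def build_otl_fix(findings):
    """Lay out an OTL fix as in the thread: the offending O20 lines under
    :OTL, their files under :Files, then the cleanup commands."""
    lines = [":OTL", *(f["raw"] for f in findings),
             ":Files", *sorted({f["path"] for f in findings}),
             ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_otl_fix(find_hijacks(parse_o20(SAMPLE_LOG))))
```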
18.04.2011, 20:38 | #7 |
| Erneut Bundespolizeitrojaner "as already described in my post on OTLPENet.exe." Er, I can't find that right now, I'm completely confused by now. What do I have to tick? |
18.04.2011, 20:41 | #8 |
/// Malware-holic | Erneut Bundespolizeitrojaner Just the way you did it for the first OTL scan. |
18.04.2011, 21:15 | #9 |
| Erneut Bundespolizeitrojaner Thanks for the great and quick help! It took me a while to get it all, but that is down to my age. I will transfer a donation! Regards, Werner. Hopefully I also got everything right with the upload. |
19.04.2011, 10:35 | #10 |
/// Malware-holic | Erneut Bundespolizeitrojaner We are not quite done yet. Besides, you did manage everything very quickly. Thanks for the donation! Download Malwarebytes: Malwarebytes. Install it, open it, go to the Update tab and update the program. Shut down all running programs and disconnect the internet connection. Scanner tab, full scan, remove the findings, post the log. |
19.04.2011, 17:25 | #11 |
| Erneut Bundespolizeitrojaner Here is the log file:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6399
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
20.04.2011 18:15:17
mbam-log-2011-04-20 (18-15-17).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 319536
Laufzeit: 1 Stunde(n), 28 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\J\downloads\Clocd\CloneCD\clonecd 5.3.0.1\Slysoft.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04182011_223802\c_program files\mozilla firefox\null0.42707417480409227.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
Many thanks again!!! Werner |
19.04.2011, 18:10 | #12 |
/// Malware-holic | Erneut Bundespolizeitrojaner Download CCleaner Slim: Piriform - Builds. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open it. Behind each program you need, write "necessary"; behind each one you do not need, "unnecessary"; behind those unknown to you, "unknown". Post the list. |
19.04.2011, 20:04 | #13 |
| Erneut Bundespolizeitrojaner Now I do have to ask why this is necessary. Regards, Werner |
19.04.2011, 20:06 | #14 |
/// Malware-holic | Erneut Bundespolizeitrojaner 1. Every old program offers many holes that attackers can use to infect you; we need to close those. 2. Programs you have installed unnecessarily could also offer holes for attackers; we can get rid of those by deleting them. |
19.04.2011, 20:13 | #15 |
| Erneut Bundespolizeitrojaner Understood. The list is enormous, I won't manage it today. I'm worn out from work and sport. I'll get back to you tomorrow. |