Pests of all kinds and how to fight them: OTLPE and Bundespolizei Trojan (Windows 7)
18.04.2011, 21:08 | #1
OTLPE and Bundespolizei Trojan

Hello, my name is Thomas, 50 years old. I have been following this board for a while and have picked up many a tip here... I wanted to do so again today, since I have the above-mentioned Trojan. Thanks to "markusg" I have also got OTLPE open, but then I get the "Browse for Folder" window and cannot get any further. Can anyone help me? Thanks

(triple post / double post)

Hello, I am also following the other thread; after "Windows" I do not get any notify.log, rkill.log or OTL.TXT. Where do I find them? Thanks!

Hello, sorry, I know that double and triple posts are not a good start in a forum... I had written the post on my old computer, which apparently hung every time I clicked post. Afterwards I saw the same post three times on the board... Can someone still help me? Thanks
19.04.2011, 10:23 | #2
/// Malware-holic | OTLPE and Bundespolizei Trojan

Select the Windows folder there. Then post the logs.
19.04.2011, 16:14 | #3
OTLPE and Bundespolizei Trojan

I just cannot get it uploaded... Can you do anything with this? Thanks.

OTL Logfile:
OTL logfile created on: 4/19/2011 5:13:17 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.07 Gb Total Space | 181.79 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.18% Space Free | Partition Type: FAT32
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========
SRV - [2011/03/31 05:59:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 11:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/11/26 19:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/15 11:03:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/29 11:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] -- -- (Trufos)
DRV - File not found [Kernel | On_Demand] -- -- (Profos)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/15 11:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/11/22 11:32:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/06 15:46:14 | 000,007,551 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 14:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 17:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 20:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/25 00:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/11/17 06:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Thomas_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/18 14:42:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/16 05:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/04/18 14:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 06:51:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/18 06:51:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/12/28 13:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/07/18 06:51:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/07/18 06:51:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/18 06:51:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/09 07:34:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/09 07:34:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/09 07:34:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/09 07:34:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/09 07:34:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Thomas_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/04/18 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\InstallShield Installation Information
[2011/04/18 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:44 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2011/04/18 14:21:41 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011/04/18 14:21:41 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011/04/18 14:02:55 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sparbuch
[2011/04/18 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl
[2011/04/18 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl Data Service
[2011/04/18 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011/04/18 11:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/16 06:03:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 06:03:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 06:03:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 06:03:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 06:03:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 06:03:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 06:03:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 06:03:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 06:03:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 06:03:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 06:03:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 06:03:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 06:03:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 06:03:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 06:03:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 06:03:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 06:03:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 06:03:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 06:03:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 06:03:11 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 06:03:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 06:03:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 06:03:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 06:02:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 06:02:56 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sony PMB
[2011/04/15 12:19:55 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon(1388).dll
[2011/04/15 12:19:54 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil(1355).dll
[2011/04/15 12:19:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet(1395).dll
[2011/04/15 12:19:46 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi(1338).dll
[2011/04/15 12:19:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr(1340).dll
[2011/04/13 12:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/04/13 12:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/13 12:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\myphotobook.de
[2011/04/13 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/08 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Sony Corporation
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/04 11:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Documents\CyberLink
[2011/03/31 06:06:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 06:06:51 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 06:06:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/31 06:06:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/31 06:06:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/31 06:06:44 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/04/19 09:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:57:57 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:30:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/19 09:30:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/19 09:30:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/19 09:30:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/19 09:27:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/19 09:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 14:22:14 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Claudia\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:57 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2011/04/18 12:54:03 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/18 12:17:38 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/18 12:16:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/18 12:03:32 | 000,164,314 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/04/16 12:29:18 | 000,037,888 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 10:22:17 | 000,364,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 06:27:54 | 000,011,100 | ---- | M] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2011/04/13 12:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/01 13:46:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/31 11:13:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 06:14:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/31 06:12:55 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/31 06:12:55 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/04/18 14:21:58 | 000,000,875 | ---- | C] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 13:59:39 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 12:03:29 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/16 13:38:29 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/16 06:27:54 | 000,011,100 | ---- | C] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2010/07/06 15:46:14 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2010/04/17 12:39:49 | 000,000,680 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010/04/11 08:02:46 | 000,164,314 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/11 08:02:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/09 11:17:26 | 000,000,042 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\default.pls
[2010/04/02 06:14:56 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:52:44 | 000,000,645 | ---- | C] () -- C:\Windows\wiso.ini
[2009/09/11 07:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 07:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:50:53 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/08/03 11:36:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/03 11:35:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/13 09:52:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/13 09:52:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 10:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/09 06:50:27 | 000,037,888 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 11:20:30 | 000,000,394 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008/12/17 23:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/12/17 23:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/12/15 02:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/12/09 07:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008/12/09 05:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2008/12/08 18:26:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/12/08 18:26:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/12/08 18:26:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/12/08 18:26:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/12/08 12:21:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,364,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========
[2010/09/12 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CheckPoint
[2011/04/08 14:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/18 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/01/27 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011/04/08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010/12/29 05:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2010/01/22 09:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010/08/12 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011/04/13 12:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/02/22 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011/02/21 12:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011/01/01 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010/04/11 08:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009/04/08 11:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011/04/16 05:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011/04/19 09:58:36 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job

========== Purity Check ==========

< End of report >
19.04.2011, 16:26 | #5 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
On your second PC go to Start, Programs, Accessories, Notepad (Editor) and paste this in:
Code:
:OTL
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
:Files
C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
Open Computer, open C:, then _OTL; right-click "moved files" there and choose add to moved files.rar or zip. Upload the archive as described here: http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us
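The fix above removes a logon-shell hijack: the lock screen was started through the per-user Winlogon `Shell` value (here in the offline-loaded hive `HKU\Thomas_ON_C`), which userinit honours ahead of the machine-wide `explorer.exe` default, so the fix has to target that user hive and not HKLM. The following script is an added example, not code from this post or from OTL's author: it parses OTL `O20` lines, flags any `Shell`/`UserInit` value that deviates from the Windows defaults, and assembles a fix in the same `:OTL` / `:Files` / `:Commands` layout as the one above. The `HKU\Thomas_ON_C` line is the O20 entry quoted in the fix; the three benign lines, the default values, the list of user-writable directories and the "random-looking name" heuristic are the example's own assumptions.

```python
"""Triage OTL 'O20 ... Winlogon' lines for Shell/UserInit hijacks and build an OTL-style fix."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input. The HKU\Thomas_ON_C line is the O20 entry quoted in
# the fix above; the other three are made-up benign entries in the same format.
SAMPLE_OTL_LINES = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)",
    r"O20 - HKU\Claudia_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
]

# One O20 line per Winlogon value: hive, value name, raw registry data in
# parentheses, resolved file path and, if the file exists, its company name.
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<raw>[^()]*)\) - (?P<path>.*?)(?: \((?P<company>[^()]*)\))?\s*$"
)

# Assumed Windows defaults (normalised to lower case, forward slashes).
EXPECTED = {
    "Shell": {"explorer.exe"},
    "UserInit": {"c:/windows/system32/userinit.exe"},
}
# Locations a standard user can write to; a logon shell should never live there.
USER_WRITABLE = ("/appdata/local/temp/", "/appdata/roaming/", "/programdata/", "/users/public/")


def _norm(p: str) -> str:
    return p.strip().lower().replace("\\", "/")


def _looks_random(stem: str) -> bool:
    # e.g. "5av8gydf": a short lower-case blob mixing letters and digits
    return (re.fullmatch(r"[a-z0-9]{6,12}", stem) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


@dataclass
class Finding:
    hive: str
    value: str
    raw: str
    path: str
    company: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per O20 line that deviates from the Windows defaults."""
    findings = []
    for line in lines:
        m = O20_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        reasons = []
        # The value may be a comma-separated list; every extra entry runs at logon.
        entries = [e for e in (x.strip() for x in d["raw"].split(",")) if e]
        extra = [e for e in entries if _norm(e) not in EXPECTED[d["value"]]]
        if extra:
            reasons.append(f"{d['value']} is not the Windows default: {extra}")
        npath = _norm(d["path"])
        if any(w in npath for w in USER_WRITABLE):
            reasons.append("target lives in a user-writable location")
        stem = npath.rsplit("/", 1)[-1].rsplit(".", 1)[0]
        if _looks_random(stem):
            reasons.append(f"random-looking file name '{stem}'")
        company = (d["company"] or "").strip()
        if not company:
            reasons.append("target not resolved on disk (no company name)")
        elif company.lower() != "microsoft corporation":
            reasons.append(f"unexpected company name '{company}'")
        if reasons:
            findings.append(Finding(d["hive"], d["value"], d["raw"], d["path"],
                                    company, line.strip(), reasons))
    return findings


def otl_fix_script(findings: List[Finding]) -> str:
    """Assemble a fix in the layout used above: :OTL lines to remove, :Files to
    delete, :Commands to empty temp folders and reboot."""
    if not findings:
        return ""
    files: List[str] = []
    for f in findings:
        if f.company and f.path not in files:   # only files OTL actually resolved
            files.append(f.path)
    return "\n".join([":OTL", *(f.line for f in findings), ":Files", *files,
                      ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"{f.hive} {f.value} -> {f.path}")
        for r in f.reasons:
            print("   -", r)
    print(otl_fix_script(found))
```

On the sample input only the `HKU\Thomas_ON_C` line is reported, with four reasons (non-default `Shell`, a target under `AppData\Local\Temp`, a random-looking file name and a company string that is not Microsoft), and the generated fix matches the one posted above line for line. Two caveats: `Shell` and `UserInit` can legitimately be comma-separated lists, so the script checks every entry rather than the whole string, and a logon-shell hijack is often only the visible component; the ComboFix log later in this thread also reports an infected copy of `volsnap.sys`, which this check would not see.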
19.04.2011, 17:24 | #6 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
I did not want the otl.txt; please read what it clearly says there.
19.04.2011, 17:53 | #7 |
| OTLPE und bundespolizeitrojaner
Hello markusg, first of all many thanks for your help and your patience! I am back on my account now, but I don't think the matter is entirely settled yet.... After the fix I was asked whether the PC should be restarted, which I confirmed. The program stayed open though (not responding), so I closed it manually. On restart I got straight back into my account, but the otl.txt page did not open. I also can't find _OTL under C:, only the application is listed there. Bigger problem??? Regards, Thomas
19.04.2011, 18:08 | #8 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
Please create and post a ComboFix log. A guide and tutorial on using ComboFix
19.04.2011, 18:26 | #9 |
| OTLPE und bundespolizeitrojaner
It will probably take a bit longer...... but a small donation is on its way ;-)) Edited by welsch01 (19.04.2011 at 18:30) Reason: Thanks
19.04.2011, 18:44 | #10 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
Thanks. But please refrain from posts like "it's taking a while"; that saves you time, and I don't have to come in here specially to look :-)
19.04.2011, 18:52 | #11 |
| OTLPE und bundespolizeitrojaner
So, now I can't get into any program at all!!?? A window appears, e.g. for C:/Program Files/Mozilla Firefox/firefox.exe: "Illegal operation attempted on a registry key that has been marked for deletion." Heeelp, this happens with every program!!!
19.04.2011, 18:57 | #12 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
Restart, then it works.
19.04.2011, 18:58 | #13 |
| OTLPE und bundespolizeitrojaner
Sorry, I didn't mean it badly... but now I have a real problem: I can't start any program at all any more, the message always appears: "Illegal operation attempted on a registry key that has been marked for deletion." Heeelp
19.04.2011, 19:05 | #14 |
| OTLPE und bundespolizeitrojaner
I was too impatient again... here is the ComboFix log
Combofix Logfile:
Code:
ComboFix 11-04-19.01 - Thomas 20.04.2011 0:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2064 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-19 bis 2011-04-19 ))))))))))))))))))))))))))))))
.
.
2011-04-20 03:31 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-04-20 03:29 . 2011-04-20 03:29 -------- d-----w- C:\_OTL
2011-04-19 22:32 . 2011-04-19 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32 -------- d-----w- c:\users\Claudia\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-19 22:16 . 2011-04-19 22:17 -------- d-----w- C:\32788R22FWJFW
2011-04-18 18:53 . 2011-04-18 18:53 -------- d-----w- c:\users\Claudia\AppData\Roaming\LSoft Technologies
2011-04-18 18:53 . 2011-04-18 18:53 -------- d-----w- c:\users\Claudia\AppData\Roaming\InstallShield Installation Information
2011-04-18 18:21 . 2011-04-18 18:21 -------- d-----w- c:\users\Claudia\AppData\Roaming\Avira
2011-04-18 18:21 . 2011-02-18 15:28 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-04-18 18:21 . 2011-02-18 15:28 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-04-18 18:01 . 2011-04-18 18:02 -------- d-----w- c:\users\Claudia\AppData\Local\Buhl
2011-04-18 18:01 . 2011-04-18 18:01 -------- d-----w- c:\users\Claudia\AppData\Local\Buhl Data Service
2011-04-18 15:16 . 2011-04-18 15:16 -------- d-----w- c:\users\Claudia\AppData\Roaming\Malwarebytes
2011-04-18 15:01 . 2011-04-18 15:01 -------- d-----w- c:\windows\Sun
2011-04-16 10:02 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-16 10:02 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-16 10:00 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-15 16:19 . 2011-02-22 06:21 1210880 ----a-w- c:\windows\system32\urlmon(1388).dll
2011-04-15 16:19 . 2011-02-22 06:21 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 16:19 . 2011-02-22 06:21 916480 ----a-w- c:\windows\system32\wininet(1395).dll
2011-04-15 16:19 . 2011-02-22 06:16 1991680 ----a-w- c:\windows\system32\iertutil(1355).dll
2011-04-15 16:19 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:19 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr(1340).dll
2011-04-15 16:19 . 2011-03-02 15:44 168448 ----a-w- c:\windows\system32\dnsapi(1338).dll
2011-04-13 16:12 . 2011-04-13 16:12 -------- d--h--w- c:\users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2011-04-13 16:11 . 2011-04-13 16:11 -------- d-----w- c:\program files\myphotobook.de
2011-04-13 16:11 . 2011-04-13 16:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-08 18:40 . 2011-04-08 18:40 -------- d-----w- c:\users\Claudia\AppData\Roaming\Sony Corporation
2011-04-08 18:39 . 2011-04-08 18:39 -------- d-----w- c:\users\Claudia\AppData\Roaming\Image Zone Express
2011-04-08 18:39 . 2011-04-08 18:39 -------- d-----w- c:\users\Claudia\AppData\Roaming\Printer Info Cache
2011-03-31 10:06 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-31 10:06 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-31 10:06 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-31 10:06 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-31 10:06 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-31 10:06 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-31 10:06 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-31 10:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-31 10:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 09:59 . 2009-04-10 23:17 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-18 15:28 . 2010-08-12 13:39 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll
2011-02-18 15:28 . 2010-08-12 13:38 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-02 16:11 . 2009-10-09 11:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 16:13 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 16:13 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 16:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 16:13 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 16:13 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 16:13 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 16:13 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 16:13 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 16:13 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 16:13 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 16:13 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 16:13 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 16:13 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 16:13 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 16:13 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 16:13 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 16:13 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 16:13 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 16:13 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 16:13 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 16:13 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 16:13 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 16:13 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 16:13 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 16:13 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50 2517088 ----a-w- c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"BsMnt"="c:\program files\BisonCam\BsMnt.exe" [2008-11-03 217088]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ALDI_SUED_FotoSuite_Download"="c:\program files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-1-27 1224304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-15 135336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-04-16 04:43]
.
2011-04-19 c:\windows\Tasks\WebReg Officejet 5600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ler29hml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Nachrichten - Service - Shopping bei t-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{488cc790-b879-4329-b57c-2f4ad6c146e6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6998b588-4bdb-4d44-9e40-8c46d677b31b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100015af
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c739a3c4-8d8c-43a1-b681-730324ca0703}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ced3874c-5ea8-4050-9d42-9731b9564d21}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001f16
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d60f1b53-5c1f-49c8-b316-3b5b617e80c5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(3160)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-20 00:43:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-19 22:43
.
Vor Suchlauf: 9 Verzeichnis(se), 200.534.413.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 200.125.399.040 Bytes frei
.
- - End Of File - - 4C5AD0CF2B4F90E906A1CE72EABDF941
19.04.2011, 19:28 | #15 |
/// Malware-holic | OTLPE und bundespolizeitrojaner
And look what my tired eyes see: C:\_OTL, which is what I wanted.