Log analysis and evaluation: Problem with "BKA-Virus" (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.04.2011, 15:12 #1
Problem with "BKA-Virus"

Hello, I have also caught the BKA virus and am hoping for your help here. I have already created the log files with OTLpe.

Kind regards
Marc

OTL logfile created on: 4/29/2011 9:01:32 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3, v.3264 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 94.76 Gb Total Space | 31.88 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 69.30 Gb Total Space | 21.20 Gb Free Space | 30.60% Space Free | Partition Type: NTFS
Drive E: | 68.83 Gb Total Space | 4.46 Gb Free Space | 6.49% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 7.41 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/02 15:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 12:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/08/02 11:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/30 01:52:54 | 003,795,560 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/03/31 03:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/09 15:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] -- -- (RT2500USB)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] -- -- (MSICPL)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/02 15:41:28 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 14:49:23 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/10 10:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/03/31 03:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/01/23 09:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/09/18 10:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 10:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 10:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 10:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 10:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 10:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 10:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/09/05 15:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006/09/05 15:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 14:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006/09/05 14:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006/09/05 14:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006/09/05 14:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006/09/05 14:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006/03/13 13:52:32 | 000,085,664 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2006/03/13 13:52:30 | 000,087,792 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2006/03/13 13:52:24 | 000,096,224 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2006/03/13 13:52:22 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2006/03/13 13:52:16 | 000,060,768 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2006/03/13 13:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 13:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 13:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 13:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 13:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/02/20 13:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 13:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 13:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 13:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 13:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/12/01 05:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drhard.sys -- (drhard)
DRV - [2005/08/24 09:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2004/08/23 08:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/08/11 12:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/04/30 04:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/09/16 12:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000/09/18 06:00:00 | 000,160,073 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\AV, = hxxp://www.altavista.com/sites/search/web?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\FM, = hxxp://www.filemirrors.com/search.src?file=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\GGL, = hxxp://www.google.com/search?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = hxxp://support.microsoft.com/?kbid=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSN, = hxxp://search.msn.com/results.asp?q=%s
IE - HKU\S.Marc_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S.Marc_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S.Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/04/03 10:46:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/04/03 10:46:30 | 000,000,000 | ---D | M]

[2008/08/22 08:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Extensions
[2011/04/25 05:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions
[2009/09/24 14:50:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/25 20:41:39 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions\NPDyyno@dyyno.com
[2011/04/24 16:25:34 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\searchplugins\icqplugin.xml
[2011/04/25 05:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/02/23 17:12:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2009/11/03 13:16:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/23 17:12:30 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2010/12/03 14:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 14:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/03 14:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/12/03 14:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/12/03 14:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001/08/18 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKU\S.Marc_ON_C..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S.Marc_ON_C..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Programme\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.47524972723101433.exe) - C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/15 17:07:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c613df13-12c5-11dd-b902-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{f375968c-027e-11dd-b8c9-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 11:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\OvtCam
[2011/04/11 11:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Startmenü\Programme\USB Camera Manager
[2011/04/11 11:02:43 | 000,160,073 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\drivers\omcamvid.sys
[2011/04/11 11:02:43 | 000,135,168 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\omcamcap.exe
[2011/04/11 11:02:43 | 000,073,728 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\omcamdib.dll
[2011/04/11 11:02:43 | 000,053,248 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\omcamext.dll
[2011/04/11 11:02:43 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\omniuns.exe
[2011/04/11 11:02:43 | 000,038,925 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Omcamext.ax
[2011/04/11 11:02:43 | 000,025,390 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\ovtcamd.sys
[2011/04/11 11:02:43 | 000,022,278 | ---- | C] (OmniVision Technologies) -- C:\WINDOWS\System32\OmCamUSD.dll
[2011/04/11 11:02:15 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System\Omniuns.exe
[2011/04/11 11:01:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/04/11 11:01:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/11 10:57:35 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSPROXY.AX
[2011/04/11 10:57:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSUSER.DLL
[2011/04/11 10:57:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSVPINTF.AX
[2011/04/11 10:57:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSCLOCKF.AX
[2011/04/11 10:57:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSINTERF.AX
[2011/04/11 10:57:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSDATA.AX
[2011/04/11 10:57:34 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSH263.DRV
[2011/04/11 10:57:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSTVTUNE.AX
[2011/04/11 10:57:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VFWWDM32.DLL
[2011/04/11 10:57:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSXBAR.AX
[2011/04/11 10:57:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSWDMCAP.AX
[2011/04/11 10:57:34 | 000,015,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VFWWDM.DRV
[2011/04/11 10:57:32 | 000,135,168 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\OMCAMCAP.EXE
[2011/04/11 10:57:32 | 000,073,728 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\OMCAMDIB.DLL
[2011/04/11 10:57:32 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Omniuns.exe
[2011/04/11 10:57:17 | 000,000,000 | ---D | C] -- C:\Treiber
[2011/04/11 10:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\LogiShrd
[2011/04/03 07:50:00 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/03/20 16:00:25 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/03/20 16:00:25 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 07:51:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 07:50:39 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 07:50:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/28 17:01:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/25 13:41:11 | 001,301,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/04/25 13:41:11 | 001,187,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 13:41:11 | 000,381,258 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/04/25 13:41:11 | 000,357,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/25 09:30:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 07:23:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011/04/21 09:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2011/04/11 11:03:21 | 000,000,056 | ---- | M] () -- C:\WINDOWS\setup.ini
[2011/04/11 10:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Logitech
[2011/04/08 09:26:25 | 000,147,968 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 15:41:28 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 11:03:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\setup.ini
[2011/01/05 14:36:51 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/05 14:36:49 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/05 14:36:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/27 20:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/08/24 14:03:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/24 14:03:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/24 14:03:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\$_hpcst$.hpc
[2010/08/16 04:09:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/16 04:09:59 | 000,007,764 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2010/05/01 19:16:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini
[2010/05/01 19:16:31 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2010/05/01 14:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Tkkg_8.ini
[2009/12/29 15:17:49 | 000,124,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009/12/27 07:51:33 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009/11/10 00:59:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/02 14:29:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/05/06 09:49:13 | 000,005,486 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\.recently-used.xbel
[2008/12/22 20:11:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/23 10:01:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2008/08/23 10:01:07 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2008/08/23 09:51:05 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\uharc.exe
[2008/08/22 08:46:20 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/17 12:52:33 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/17 12:52:28 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/05/17 03:34:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/15 20:29:27 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/05/14 15:58:13 | 000,000,925 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/05/09 18:48:37 | 000,002,138 | ---- | C] () -- C:\WINDOWS\blueklik.ini
[2008/04/18 19:26:53 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/03/20 16:08:03 | 000,000,144 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/03/20 15:54:01 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/03/17 16:20:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/03/17 10:20:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/03/16 14:17:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008/03/16 14:14:36 | 000,001,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/16 12:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/16 12:01:35 | 000,147,968 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 23:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/15 23:55:54 |
000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/03/15 19:19:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008/03/15 19:01:12 | 000,000,851 | ---- | C] () -- C:\WINDOWS\QIII.INI [2008/03/15 18:00:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\deluser.exe [2008/03/15 17:55:45 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/03/15 17:47:30 | 000,013,249 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2008/03/15 17:43:54 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2008/03/15 17:40:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/03/15 17:39:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008/03/15 17:39:22 | 000,012,997 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008/03/15 17:39:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008/03/15 17:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2008/03/15 17:18:45 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll [2008/03/15 17:18:43 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll [2008/03/15 17:18:43 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll [2008/03/15 17:18:43 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe [2008/03/15 17:18:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2008/03/15 17:18:43 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2008/03/15 17:18:43 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys [2008/03/15 17:18:42 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe [2008/03/15 17:18:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe [2008/03/15 17:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/03/15 17:06:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/02/20 22:03:24 | 
000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/06/28 12:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin [2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/12/31 02:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/08/15 15:55:52 | 000,119,392 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll [2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/08/28 21:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/08/28 21:43:40 | 006,094,336 | ---- | C] () -- C:\WINDOWS\System32\logonui.exe [2001/08/31 18:15:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/31 18:15:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/08/18 15:00:00 | 001,301,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001/08/18 15:00:00 | 001,187,558 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/08/18 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/18 15:00:00 | 000,381,258 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001/08/18 15:00:00 | 000,357,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/18 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/18 15:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001/08/18 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/18 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/18 15:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001/08/18 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/18 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2008/08/25 
20:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dyyno-vlc [2008/09/07 11:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FileZilla [2009/05/06 09:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\gtk-2.0 [2008/07/16 12:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\ICQLite [2008/10/24 12:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Leadertech [2010/08/24 14:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\PC Suite [2010/03/16 19:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\pdfforge [2010/08/24 14:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung [2011/02/23 17:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Search Settings [2008/08/23 10:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Styler [2010/08/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Teleca [2008/03/20 16:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\TuneUp Software [2010/08/27 14:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC [2008/07/16 12:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008/03/15 18:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.1.0155 [2010/08/24 14:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010/08/27 14:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011/02/01 16:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\TrackMania [2008/12/25 15:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania United ========== Purity Check ========== < End of report > |
29.04.2011, 15:31 | #2 |
/// Malware-holic | Problem with "BKA-Virus" On your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste this in:
Code:
:OTL
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.47524972723101433.exe) - C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe ()
:Files
C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt. Please post the log. Open Computer, open C:, then _OTL, right-click on Moved Files and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html
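The fix above works because the malware replaced the Winlogon Shell value (normally explorer.exe) with a binary dropped into the user's Temp folder, which is exactly what the O20 line in the OTL log shows. That check can be done mechanically. The following is an added example (it is not code from this thread, from OTL or from trojaner-board): it parses OTL "O20" Winlogon lines, flags a Shell or UserInit value that does not point at the Microsoft default or that resolves into a Temp or profile directory, and emits an OTL fix script in the same layout as the one posted above. The sample log text, the expected-value table and the list of suspicious directory markers are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample of OTL output. The first O20 line mirrors the hijacked
# Winlogon Shell entry from this thread; the other two are constructed,
# benign entries for comparison.
SAMPLE_OTL_LOG = r"""
========== Standard Registry (SafeList) ==========
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.47524972723101433.exe) - C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Assumed policy table for this example: the file name each Winlogon value
# points at on a clean Windows XP install.
EXPECTED_BASENAME = {
    "shell": "explorer.exe",
    "userinit": "userinit.exe",
}

# Assumed list of path fragments a legitimate Winlogon shell never lives under.
SUSPICIOUS_DIR_MARKERS = (
    "\\temp\\",
    "\\dokumente und einstellungen\\",
    "\\documents and settings\\",
    "\\users\\",
)

# OTL O20 line layout as seen in the thread:
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>HK\w+) Winlogon: (?P<value>\w+) - "
    r"\((?P<raw>[^)]*)\) - (?P<resolved>.*?) \((?P<company>[^)]*)\)\s*$"
)


@dataclass
class Finding:
    line: str                 # the original OTL log line (reused under :OTL)
    value: str                # Winlogon value name, e.g. "Shell"
    resolved: str             # full path OTL resolved the data to
    reasons: List[str] = field(default_factory=list)


def _basename(path: str) -> str:
    # Registry data may carry a trailing comma (UserInit) or an 8.3 path.
    return path.strip().rstrip(",").replace("/", "\\").split("\\")[-1].lower()


def analyze_winlogon(otl_text: str) -> List[Finding]:
    """Return one Finding per O20 Winlogon line that looks hijacked."""
    findings: List[Finding] = []
    for line in otl_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        value, raw = m.group("value"), m.group("raw")
        resolved, company = m.group("resolved"), m.group("company").strip()
        reasons: List[str] = []
        expected = EXPECTED_BASENAME.get(value.lower())
        if expected and _basename(raw) != expected:
            reasons.append(f"{value} points at {_basename(raw)!r}, expected {expected!r}")
        low = resolved.lower()
        for marker in SUSPICIOUS_DIR_MARKERS:
            if marker in low:
                where = marker.strip("\\")
                reasons.append(f"target lives under a user-writable path ({where})")
                break
        if not company:
            reasons.append("binary carries no company name")
        if reasons:
            findings.append(Finding(line.strip(), value, resolved, reasons))
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Build an OTL fix script in the layout used in this thread: the
    offending log lines under :OTL, the dropped binaries under :Files,
    then the clean-up commands. Returns "" when there is nothing to fix."""
    if not findings:
        return ""
    files: List[str] = []
    for f in findings:
        if f.resolved not in files:
            files.append(f.resolved)
    parts = [":OTL", *(f.line for f in findings), ":Files", *files,
             ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    hits = analyze_winlogon(SAMPLE_OTL_LOG)
    for h in hits:
        print(f"{h.value}: {h.resolved}")
        for r in h.reasons:
            print(f"  - {r}")
    print(build_otl_fix(hits))
```

Run against the constructed sample, only the Temp-folder Shell entry is reported (the benign Explorer.exe and userinit.exe lines pass), and the generated script matches the shape of the fix posted above. Because OTL fix scripts reuse the log line verbatim under :OTL, the finding keeps that line untouched rather than reconstructing it.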
29.04.2011, 16:47 | #3 |
Problem with "BKA-Virus" Many thanks for your help, it worked! I hope the upload of the Moved Files worked as well??
Should any further steps be taken to make sure the virus has been completely removed?
29.04.2011, 16:50 | #4 |
/// Malware-holic | Problem with "BKA-Virus" Yep, the archive has arrived. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
29.04.2011, 16:52 | #5 |
Problem with "BKA-Virus" Many thanks for your help, it worked! I hope the upload of the Moved Files worked as well?? Should any further steps be taken to make sure the virus has been removed without a trace?
29.04.2011, 16:55 | #6 |
/// Malware-holic | Problem with "BKA-Virus" Why the double post? Please read the one above your last post.