system repair virus

I'm at my wits' end.

Since yesterday I've had a virus:
After booting, the screen stays almost black and a window with the program "System repair" opens.

I can't open any programs - on drive C: it shows 'empty folder' - the whole PC runs considerably slower...

I've already tried System Restore - it doesn't work. Malware programs also abort immediately after starting.

I've now also downloaded Trojankiller, installed it, updated it and renamed it to iexplorer.exe, and here too the scan aborts after a few seconds.

I don't know what else to do....

Grateful for any help!!!

/// Malwareteam
system repair virus

A cleanup can mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to. It makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

If you do not have a burning program installed, please
download ISOBurner.
The program will allow you to burn OTLPE to a CD and make it bootable.
You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop.
    Note: The file is about 120 MB and on a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD in your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn is complete you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD.
Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

system repair virus


Thanks for now. I'll try it tomorrow. I have the early shift and after 8 hours of fighting the virus, which achieved nothing, I urgently need to get to bed.

system repair virus

my mistake

system repair virus

OTL logfile created on: 7/15/2011 5:29:21 PM - Run
OTLPE by OldTimer - Version Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 444.18 Gb Total Space | 23.33 Gb Free Space | 5.25% Space Free | Partition Type: NTFS
Drive D: | 21.56 Gb Total Space | 5.62 Gb Free Space | 26.05% Space Free | Partition Type: FAT32
Drive X: | 436.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (PnkBstrA)
SRV - [2011/06/30 05:49:18 | 001,526,592 | -H-- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/30 05:46:40 | 000,029,504 | -H-- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/18 06:26:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 08:21:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/17 10:00:48 | 000,109,728 | -H-- | M] (Intel Corporation) [Auto] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2010/10/16 06:46:40 | 000,369,256 | -H-- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/07 11:06:55 | 000,010,240 | -H-- | M] () [Auto] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/03/25 04:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/20 09:49:36 | 004,710,400 | -H-- | M] () [Auto] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2009/09/14 01:00:00 | 000,155,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009/09/14 01:00:00 | 000,123,904 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 09:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2001/11/12 08:31:48 | 000,024,576 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (o1394bul)
DRV - File not found [File_System | On_Demand] -- -- (MBAMProtector)
DRV - File not found [Kernel | Auto] -- -- (MacHALDriver)
DRV - File not found [Kernel | Auto] -- -- (KeyAgent)
DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - [2011/07/15 09:12:04 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\SMR200.SYS -- (SMR200)
DRV - [2011/07/13 14:36:00 | 000,014,848 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\1258377627.sys -- (1258377627)
DRV - [2011/04/26 09:30:20 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/04/19 08:21:49 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/10 15:00:52 | 010,508,632 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/18 07:03:56 | 000,021,696 | -H-- | M] (Almico Software) [Kernel | Boot] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/26 11:39:14 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/26 14:29:42 | 000,856,928 | -H-- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2010/03/30 10:43:54 | 000,031,848 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/30 10:43:54 | 000,031,848 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010/03/25 19:15:50 | 000,221,400 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2010/01/20 19:59:58 | 000,020,864 | -H-- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/20 19:59:56 | 000,024,960 | -H-- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/20 19:59:56 | 000,013,056 | -H-- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/10 19:05:58 | 000,691,696 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/29 06:41:36 | 000,037,920 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/07/20 12:29:40 | 000,013,880 | -H-- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 21:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:18:07 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:14:49 | 000,020,480 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:12:38 | 000,338,944 | -H-- | M] () [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/05/21 09:24:28 | 000,025,616 | -H-- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2009/05/12 09:53:04 | 000,016,896 | -H-- | M] (Danish Wireless Design A/S) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2009/05/11 05:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/06 03:13:52 | 000,025,512 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 03:13:52 | 000,013,224 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 06:33:14 | 000,115,752 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 06:33:14 | 000,025,512 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 06:33:14 | 000,015,016 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 06:33:12 | 000,120,744 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 06:33:12 | 000,114,216 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 06:33:12 | 000,110,632 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 06:33:12 | 000,089,256 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/01/09 05:28:34 | 000,027,632 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2006/11/17 05:31:04 | 000,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [1996/04/03 15:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 28 07 8F C7 66 CA 01 [binary data]
IE - HKU\Administrator_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\kl.Papa-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Papa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 54 E0 76 C3 66 CA 01 [binary data]
IE - HKU\Papa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.allstars-2002.de/index3.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 00:40:50 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 00:40:06 | 000,000,000 | -H-D | M]

[2010/06/15 12:42:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/06/15 12:42:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/07/14 09:13:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions
[2011/04/26 06:18:48 | 000,000,000 | -H-D | M] ("Facebook PhotoZoom") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011/06/20 00:37:17 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/09 04:23:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/05/16 08:12:58 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/14 09:13:04 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/07/13 09:45:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/06 16:56:28 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\DTToolbar@toolbarnet.com
[2011/07/14 09:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\engine@conduit.com
[2011/02/04 07:05:51 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\ffxtlbr@Facemoods.com
[2010/05/08 12:34:18 | 000,000,000 | -H-D | M] (GutscheinRausch.de) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\extensions\jl@leimbach-it.de
[2010/04/13 01:19:03 | 000,002,059 | -H-- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ny9yetlb.default\searchplugins\daemon-search.xml
[2011/04/30 02:19:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 08:56:07 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/06 08:41:05 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 09:47:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/23 00:40:49 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 16:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/20 12:21:40 | 000,106,192 | -H-- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2010/01/01 04:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 08:36:54 | 000,002,035 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010/01/01 04:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CD- und DVD-Sharing] C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Administrator_ON_C..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\kl.Papa-PC_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\kl.Papa-PC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kl.Papa-PC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\kl.Papa-PC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Papa_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe
O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell\AutoRun\command - "" = J:\soldner.exe
O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell\AutoRun\command - "" = J:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 09:28:00 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/07/15 09:27:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/07/15 09:27:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0305000.017
[2011/07/15 09:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/07/15 09:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/07/15 09:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/07/15 09:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/07/15 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/07/15 09:13:01 | 000,398,984 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\NBRT-Retail-Downloader.exe
[2011/07/15 09:12:04 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR200.SYS
[2011/07/15 09:11:13 | 002,557,656 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\mama.exe
[2011/07/15 09:08:26 | 002,557,656 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\NPE(2).exe
[2011/07/15 09:07:45 | 006,161,848 | ---- | C] (Symantec Corporation) -- C:\Users\kl.Papa-PC\Desktop\NPE170.exe
[2011/07/15 09:05:18 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Malwarebytes
[2011/07/15 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Epson
[2011/07/15 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Local\Adobe
[2011/07/15 08:40:52 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Adobe
[2011/07/15 08:40:38 | 000,000,000 | R--D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/15 08:40:38 | 000,000,000 | R--D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/15 08:40:38 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/15 08:40:06 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Identities
[2011/07/15 08:40:00 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\Local\VirtualStore
[2011/07/15 08:37:52 | 000,000,000 | --SD | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft
[2011/07/15 08:37:52 | 000,000,000 | RH-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/15 08:37:52 | 000,000,000 | RH-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\AppData\Local\Verlauf
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\AppData\Local\Temporary Internet Files
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\Documents\Eigene Videos
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\Documents\Eigene Musik
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\Documents\Eigene Bilder
[2011/07/15 08:37:52 | 000,000,000 | -HSD | C] -- C:\Users\kl.Papa-PC\AppData\Local\Anwendungsdaten
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Local\Temp
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Local\Microsoft
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Media Center Programs
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Roaming\Macromedia
[2011/07/15 08:37:52 | 000,000,000 | -H-D | C] -- C:\Users\kl.Papa-PC\AppData\Local
[2011/07/15 08:37:52 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC\AppData\LocalLow
[2011/07/15 08:37:51 | 000,000,000 | ---D | C] -- C:\Users\kl.Papa-PC
[2011/07/14 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\kl
[2011/07/14 17:01:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2011/07/14 16:05:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton
[2011/07/14 16:04:43 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\NPE
[2011/07/14 16:02:49 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2011/07/14 15:52:59 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2011/07/14 15:49:05 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2011/07/14 14:22:24 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\Downloads
[2011/07/14 14:22:21 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2011/07/14 10:02:31 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2011/07/14 09:52:45 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\GridinSoft Trojan Killer
[2011/07/14 09:45:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/07/14 09:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/07/14 09:30:26 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-[2].exe
[2011/07/14 09:25:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
[2011/07/14 09:25:38 | 000,000,000 | -H-D | C] -- C:\Program Files\Loaris
[2011/07/14 09:17:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mal
[2011/07/14 09:17:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Mal
[2011/07/14 09:15:36 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-[1].exe
[2011/07/14 09:15:25 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2011/07/14 09:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/14 09:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/07/14 09:13:04 | 000,000,000 | -H-D | C] -- C:\Program Files\softonic-de3
[2011/07/14 09:11:19 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-
[2011/07/14 08:55:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2011/07/13 15:54:53 | 000,141,120 | -H-- | C] (GridinSoft) -- C:\Users\Administrator\Desktop\unhider.exe
[2011/07/13 14:56:57 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011/07/13 14:56:42 | 000,362,496 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\26599160.exe
[2011/07/13 14:36:07 | 000,446,464 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\yxJTUiXVvg.exe
[2011/07/

system repair virus

I can't find Extras.txt.

system repair virus

No advice from anyone??

/// Malwareteam
system repair virus

Sorry for the wait. I'll look at the log and post instructions in the morning.

15.07.2011, 23:33   #9
system repair virus

Thanks - by the way, I've largely restored the desktop with unhide.

16.07.2011, 08:07   #10
/// Malwareteam
system repair virus

  • Please start OTLPE (Vista and Win7 users: right-click, "Run as administrator").
  • Now copy the contents into the text box.
DRV - [2011/07/13 14:36:00 | 000,014,848 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\1258377627.sys -- (1258377627)
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe
O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell\AutoRun\command - "" = J:\soldner.exe
O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell\AutoRun\command - "" = J:\cdstart.exe
[2011/07/13 14:56:57 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011/07/13 14:56:42 | 000,362,496 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\26599160.exe
[2011/07/13 14:36:07 | 000,446,464 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\yxJTUiXVvg.exe
:Commands
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Can you get back into the system normally?

system repair virus

I can't "right-click" and run it as admin.
When I open it normally, the scan window comes up again???

16.07.2011, 13:15   #12
/// Malwareteam
system repair virus

But can you copy what's in the code box into the white text field?

16.07.2011, 13:58   #13
system repair virus

When I open OTLPE, it shows me the "Browse for Folder" window, where I'm supposed to pick the file to scan...

16.07.2011, 14:15   #14
/// Malwareteam
system repair virus

Fixing with OTLPE
  • Restart the unbootable computer from the OTLPE CD,
  • wait until the Reatogo-X-PE desktop appears and double-click the OTLPE icon.
  • Copy the following script into the text field below Custom Scans/Fixes:
    DRV - [2011/07/13 14:36:00 | 000,014,848 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\1258377627.sys -- (1258377627)
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe
    O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e6523666-e5e0-11de-8125-001d92266d5b}\Shell\AutoRun\command - "" = J:\soldner.exe
    O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e876b5e9-2b3f-11df-9263-001d92266d5b}\Shell\AutoRun\command - "" = J:\cdstart.exe
    [2011/07/13 14:56:57 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
    [2011/07/13 14:56:42 | 000,362,496 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\26599160.exe
    [2011/07/13 14:36:07 | 000,446,464 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\yxJTUiXVvg.exe
    :Commands
  • If that is not possible because there is no internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Plug the USB stick into the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents here into your thread in code tags.
  • Afterwards you can view the logfile here => C:\_OTL\MovedFiles\<datum_nummer.log>
  • Test whether you can boot the computer into normal Windows mode again and report back.
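As an added example (not code from this thread or from OTL itself), the Python below parses OTL entries of the kind quoted above and applies the heuristics the helper evidently used when choosing the fix lines: a driver with no company string and a random numeric name, hidden or random-named executables dropped straight into C:\ProgramData, and MountPoints2 autorun handlers. The regular expressions and thresholds are my own assumptions; the sample lines are copied from the log posted earlier in this thread.

```python
import re
# Added example (not from the thread): parse OTL log entries and apply the triage
# heuristics the helper used above. Entry shape:
#   [date time | size | attrs | C/M] (vendor) -- path [-- (service)]
ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]+ \| (?P<size>[\d,]+) \| (?P<attr>[RHS-]{3}[D-]) \| [CM]\]"
    r"\s*(?:\((?P<vendor>[^)]*)\))?.*?-- (?P<path>[A-Z]:\\[^\r\n]*?)(?: -- \(.*)?$"
)
# O33 line: an AutoRun handler registered for a removable volume
MOUNTPOINT = re.compile(r'MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# Executables dropped straight into C:\ProgramData or a user's AppData root (assumed heuristic)
DROP_DIRS = re.compile(r"^C:\\(?:ProgramData|Users\\[^\\]+\\AppData\\(?:Roaming|Local))\\[^\\]+$", re.I)
# Rogue droppers tend to use long digit runs or random letter soup as file names (assumed heuristic)
RANDOM_NAME = re.compile(r"^(?:\d{6,}|[A-Za-z]{8,})$")

def triage(lines):
    """Return (path, reason) pairs worth putting in an OTL fix script."""
    flagged = []
    for line in lines:
        mp = MOUNTPOINT.search(line)
        if mp:
            flagged.append((mp["cmd"], "MountPoints2 autorun handler"))
            continue
        m = ENTRY.search(line)
        if not m or m["attr"].endswith("D"):   # skip non-entries and directories
            continue
        path, vendor = m["path"], m["vendor"] or ""
        stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
        if line.lstrip().startswith("DRV - ") and not vendor and RANDOM_NAME.match(stem):
            flagged.append((path, "driver with no company string and a random name"))
        # The rogue sets +H on the whole profile, so 'hidden' alone is not diagnostic
        elif ext.lower() in ("exe", "dll", "sys") and DROP_DIRS.match(path) \
                and ("H" in m["attr"] or RANDOM_NAME.match(stem)):
            flagged.append((path, "hidden or random-named executable in a drop directory"))
    return flagged

# Constructed sample: lines copied from the OTL log posted in this thread
SAMPLE = [
    r"DRV - [2011/07/13 14:36:00 | 000,014,848 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\1258377627.sys -- (1258377627)",
    r'O33 - MountPoints2\{ce0bb29a-93ef-11df-92b4-001d92266d5b}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe',
    r"[2011/07/15 09:28:00 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll",
    r"[2011/07/14 09:30:26 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-[2].exe",
    r"[2011/07/13 14:56:42 | 000,362,496 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\26599160.exe",
    r"[2011/07/13 14:36:07 | 000,446,464 | -H-- | C] (The Wireshark developer community) -- C:\ProgramData\yxJTUiXVvg.exe",
]
```

Running `triage(SAMPLE)` flags exactly the driver, the autorun handler and the two ProgramData executables, while the legitimately signed GEARAspi.dll and the hidden (but correctly located) Malwarebytes installer are left alone.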

system repair virus

The Reatogo-X-PE desktop appears.
Double-clicking OTLPE again only shows me the browse window...


