Problem mit "BKA-Virus"

nwtmarc · 29.04.2011, 15:12

Hallo,

habe mir ebenfalls den BKA-Virus eingefangen und hoffe hier auf eure Hilfe.. habe bereits die Logfiles mit OTLpe erstellt.

Mit freundlichen Grüßen
Marc

OTL logfile created on: 4/29/2011 9:01:32 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3, v.3264 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 94.76 Gb Total Space | 31.88 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 69.30 Gb Total Space | 21.20 Gb Free Space | 30.60% Space Free | Partition Type: NTFS
Drive E: | 68.83 Gb Total Space | 4.46 Gb Free Space | 6.49% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 7.41 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/02 15:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 12:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/08/02 11:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/30 01:52:54 | 003,795,560 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/03/31 03:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/09 15:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] -- -- (RT2500USB)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] -- -- (MSICPL)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/02 15:41:28 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 14:49:23 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/10 10:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/03/31 03:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/01/23 09:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/09/18 10:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 10:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 10:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 10:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 10:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 10:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 10:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/09/05 15:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006/09/05 15:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 14:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006/09/05 14:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006/09/05 14:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006/09/05 14:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006/09/05 14:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006/03/13 13:52:32 | 000,085,664 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2006/03/13 13:52:30 | 000,087,792 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2006/03/13 13:52:24 | 000,096,224 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2006/03/13 13:52:22 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2006/03/13 13:52:16 | 000,060,768 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2006/03/13 13:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 13:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 13:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 13:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 13:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/02/20 13:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 13:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 13:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 13:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 13:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/12/01 05:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drhard.sys -- (drhard)
DRV - [2005/08/24 09:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2004/08/23 08:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/08/11 12:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/04/30 04:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/09/16 12:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000/09/18 06:00:00 | 000,160,073 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\AV, = hxxp://www.altavista.com/sites/search/web?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\FM, = hxxp://www.filemirrors.com/search.src?file=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\GGL, = hxxp://www.google.com/search?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = hxxp://support.microsoft.com/?kbid=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSN, = hxxp://search.msn.com/results.asp?q=%s
IE - HKU\S.Marc_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S.Marc_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S.Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/04/03 10:46:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/04/03 10:46:30 | 000,000,000 | ---D | M]

[2008/08/22 08:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Extensions
[2011/04/25 05:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions
[2009/09/24 14:50:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/25 20:41:39 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\mozilla\Firefox\Profiles\hiao3qeh.default\extensions\NPDyyno@dyyno.com
[2011/04/24 16:25:34 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\searchplugins\icqplugin.xml
[2011/04/25 05:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/02/23 17:12:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2009/11/03 13:16:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/23 17:12:30 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2010/12/03 14:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 14:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/03 14:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/12/03 14:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/12/03 14:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001/08/18 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKU\S.Marc_ON_C..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S.Marc_ON_C..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Programme\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.47524972723101433.exe) - C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/15 17:07:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c613df13-12c5-11dd-b902-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{f375968c-027e-11dd-b8c9-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 11:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\OvtCam
[2011/04/11 11:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Startmenü\Programme\USB Camera Manager
[2011/04/11 11:02:43 | 000,160,073 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\drivers\omcamvid.sys
[2011/04/11 11:02:43 | 000,135,168 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\omcamcap.exe
[2011/04/11 11:02:43 | 000,073,728 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\omcamdib.dll
[2011/04/11 11:02:43 | 000,053,248 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\omcamext.dll
[2011/04/11 11:02:43 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\omniuns.exe
[2011/04/11 11:02:43 | 000,038,925 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Omcamext.ax
[2011/04/11 11:02:43 | 000,025,390 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\ovtcamd.sys
[2011/04/11 11:02:43 | 000,022,278 | ---- | C] (OmniVision Technologies) -- C:\WINDOWS\System32\OmCamUSD.dll
[2011/04/11 11:02:15 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System\Omniuns.exe
[2011/04/11 11:01:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/04/11 11:01:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/11 10:57:35 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSPROXY.AX
[2011/04/11 10:57:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSUSER.DLL
[2011/04/11 10:57:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSVPINTF.AX
[2011/04/11 10:57:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSCLOCKF.AX
[2011/04/11 10:57:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSINTERF.AX
[2011/04/11 10:57:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSDATA.AX
[2011/04/11 10:57:34 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSH263.DRV
[2011/04/11 10:57:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSTVTUNE.AX
[2011/04/11 10:57:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VFWWDM32.DLL
[2011/04/11 10:57:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSXBAR.AX
[2011/04/11 10:57:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KSWDMCAP.AX
[2011/04/11 10:57:34 | 000,015,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VFWWDM.DRV
[2011/04/11 10:57:32 | 000,135,168 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\OMCAMCAP.EXE
[2011/04/11 10:57:32 | 000,073,728 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\OMCAMDIB.DLL
[2011/04/11 10:57:32 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Omniuns.exe
[2011/04/11 10:57:17 | 000,000,000 | ---D | C] -- C:\Treiber
[2011/04/11 10:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\LogiShrd
[2011/04/03 07:50:00 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/03/20 16:00:25 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/03/20 16:00:25 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 07:51:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 07:50:39 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 07:50:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/28 17:01:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/25 13:41:11 | 001,301,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/04/25 13:41:11 | 001,187,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 13:41:11 | 000,381,258 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/04/25 13:41:11 | 000,357,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/25 09:30:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 07:23:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011/04/21 09:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2011/04/11 11:03:21 | 000,000,056 | ---- | M] () -- C:\WINDOWS\setup.ini
[2011/04/11 10:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Logitech
[2011/04/08 09:26:25 | 000,147,968 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 15:41:28 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 11:03:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\setup.ini
[2011/01/05 14:36:51 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/05 14:36:49 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/05 14:36:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/27 20:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/08/24 14:03:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/24 14:03:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/24 14:03:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\$_hpcst$.hpc
[2010/08/16 04:09:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/16 04:09:59 | 000,007,764 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2010/05/01 19:16:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini
[2010/05/01 19:16:31 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2010/05/01 14:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Tkkg_8.ini
[2009/12/29 15:17:49 | 000,124,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009/12/27 07:51:33 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009/11/10 00:59:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/02 14:29:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/05/06 09:49:13 | 000,005,486 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\.recently-used.xbel
[2008/12/22 20:11:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/23 10:01:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2008/08/23 10:01:07 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2008/08/23 09:51:05 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\uharc.exe
[2008/08/22 08:46:20 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/17 12:52:33 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/17 12:52:28 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/05/17 03:34:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/15 20:29:27 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/05/14 15:58:13 | 000,000,925 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/05/09 18:48:37 | 000,002,138 | ---- | C] () -- C:\WINDOWS\blueklik.ini
[2008/04/18 19:26:53 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/03/20 16:08:03 | 000,000,144 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/03/20 15:54:01 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/03/17 16:20:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/03/17 10:20:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/03/16 14:17:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008/03/16 14:14:36 | 000,001,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/16 12:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/16 12:01:35 | 000,147,968 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 23:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/15 23:55:54 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/15 19:19:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/03/15 19:01:12 | 000,000,851 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008/03/15 18:00:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\deluser.exe
[2008/03/15 17:55:45 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/15 17:47:30 | 000,013,249 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/03/15 17:43:54 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/03/15 17:40:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/15 17:39:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/15 17:39:22 | 000,012,997 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/15 17:39:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/15 17:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/03/15 17:18:45 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/03/15 17:18:43 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/03/15 17:18:43 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/03/15 17:18:43 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2008/03/15 17:18:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/03/15 17:18:43 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/03/15 17:18:43 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/03/15 17:18:42 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008/03/15 17:18:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008/03/15 17:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/15 17:06:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/28 12:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 02:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/15 15:55:52 | 000,119,392 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/28 21:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/28 21:43:40 | 006,094,336 | ---- | C] () -- C:\WINDOWS\System32\logonui.exe
[2001/08/31 18:15:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 18:15:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 15:00:00 | 001,301,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 15:00:00 | 001,187,558 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 15:00:00 | 000,381,258 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 15:00:00 | 000,357,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 15:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 15:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/08/25 20:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dyyno-vlc
[2008/09/07 11:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FileZilla
[2009/05/06 09:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\gtk-2.0
[2008/07/16 12:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\ICQLite
[2008/10/24 12:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Leadertech
[2010/08/24 14:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\PC Suite
[2010/03/16 19:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\pdfforge
[2010/08/24 14:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung
[2011/02/23 17:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Search Settings
[2008/08/23 10:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Styler
[2010/08/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Teleca
[2008/03/20 16:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\TuneUp Software
[2010/08/27 14:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC
[2008/07/16 12:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008/03/15 18:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.1.0155
[2010/08/24 14:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010/08/27 14:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011/02/01 16:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2008/12/25 15:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania United

========== Purity Check ==========

< End of report >

markusg · 29.04.2011, 15:31

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

Code:

ATTFilter

:OTL
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.47524972723101433.exe) - C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe
()
:Files
C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Temp\0.47524972723101433.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

nwtmarc · 29.04.2011, 16:47

Vielen Dank für deine Hilfe, hat geklappt! Hoffe der Upload für die Moved Files hat auch funktioniert??

Sollten noch weitere Schritte eingeleitet werden, um sicher zu stellen, dass der Virus auch ganz entfernt ist?

markusg · 29.04.2011, 16:50

jo archiv ist angekommen
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

nwtmarc · 29.04.2011, 16:52

Vielen Dank für deine Hilfe, hat geklappt! Hoffe der Upload der Moved Files hat auch funktioniert??

Sollte noch weitere Schritte eingeleitet werden um sicher zu stellen, dass der Virus auch restlos entfernt wurde?

markusg · 29.04.2011, 16:55

warum doppelpost? lies bitte einem über deinem letzten

29.04.2011, 16:55	#6
markusg /// Malware-holic	Problem mit "BKA-Virus" warum doppelpost? lies bitte einem über deinem letzten __________________ --> Problem mit "BKA-Virus"

Problem mit "BKA-Virus"

Log-Analyse und Auswertung: Problem mit "BKA-Virus"