| |  BKA-Trojaner
 Hallo liebe Trojaner Board Gemeinde,
leider habe ich mir den BKA-Trojaner einfangen und nach langem suchen bin ich auf Euch gestoßen:-)
Soweit so gut, bisher habe ich mich an Eure Anleitung gehalten und ich bin jetzt an dem Punkt wo ich die otl.txt gesichert habe. Zuerst habe ich mir gedacht, na ja, dat bekommste schon alleine hin aber manchmal ist man doch in der Gemeinschaft stärker 
Ich hoffe Ihr könnt mir hier weiterhelfen und natürlich
schonmal vielen Dank 
Achso falls es wichtig ist, die jashla.exe habe ich schon manuell entfernt.
Viele Grüße Andy
Hier die gescanten Daten PHP-Code: OTL logfile created on: 9/6/2011 7:51:10 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.54 Gb Total Space | 1.52 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 34.92 Gb Total Space | 23.70 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive E: | 17.72 Gb Total Space | 11.28 Gb Free Space | 63.65% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011/07/01 09:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/04/06 10:53:36 | 001,117,144 | ---- | M] (PC Tools) [Auto] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 05:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/20 07:27:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand] -- C:\Programme\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/10/29 10:07:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/03/04 18:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/15 15:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/13 22:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 22:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 22:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/04 05:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 12:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/25 04:56:12 | 000,106,496 | ---- | M] () [Auto] -- C:\WINDOWS\CBTWlanSrv.exe -- (CBTWlanSrv)
SRV - [2007/05/24 18:19:16 | 003,373,432 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Virtual Server\vssrvc.exe -- (Virtual Server)
SRV - [2007/05/24 18:18:54 | 000,166,808 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Microsoft Virtual Server\vmh.exe -- (vmh)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/08/22 09:26:23 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011/07/11 06:02:34 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/03/10 03:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/01/20 07:27:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2011/01/20 07:27:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/01/20 07:27:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/18 16:20:24 | 000,449,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athrusb.sys -- (athrusb)
DRV - [2010/10/08 10:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/07/16 08:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 08:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/09 08:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/01/27 16:55:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 09:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/06 01:59:12 | 004,069,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/05/04 23:25:02 | 000,059,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/05/04 23:25:02 | 000,025,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vhdbus.sys -- (vhdbus)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/06/27 08:32:02 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Siemens)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Siemens)
DRV - [2005/11/18 21:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CBPSp50.sys -- (CBPSp50)
DRV - [2003/07/16 16:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Flummi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Flummi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Flummi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Flummi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A E9 A8 EB 7C 4F CC 01 [binary data]
IE - HKU\Flummi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Püpsi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Püpsi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Püpsi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Püpsi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D3 9F 0B A4 4F CC 01 [binary data]
IE - HKU\Püpsi_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\Püpsi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Programme\VideoLAN\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2011/08/19 13:21:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/11/17 15:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/04/13 14:45:07 | 000,000,000 | ---D | M]
[2010/11/17 15:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/10/27 01:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 01:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 01:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 01:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 01:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/11/11 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Flummi_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\Püpsi_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Programme\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PCTools FGuard] C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\Administrator_ON_C..\Run: [NativePad90] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Gigaset 54\Gigaset USB Stick 54.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Flummi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Püpsi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280500826937 (WUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} hxxp://wurm/VirtualServer/activex/VMRCActiveXClient.cab (Microsoft Virtual Server VMRC Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\PPSI~1\LOKALE~1\Temp\wpbt0.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 03:30:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d76c1294-4bbc-11de-b0aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d76c1294-4bbc-11de-b0aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d76c1294-4bbc-11de-b0aa-806d6172696f}\Shell\AutoRun\command - "" = Z:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/09/06 10:26:50 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/09/06 10:26:50 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/09/06 10:26:50 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/08/24 03:12:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/22 09:26:23 | 000,229,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VMM.sys
[2011/08/21 08:21:44 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/08/21 08:21:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/08/21 08:20:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/08/21 08:19:19 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/21 08:19:17 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/08/21 08:16:03 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/21 08:15:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/21 08:09:21 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/08/21 08:09:21 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/08/21 08:06:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Püpsi\Eigene Dateien\Dokumente
[2011/08/19 13:20:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2011/08/19 13:18:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Startmenü
[2011/08/10 15:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Püpsi\Anwendungsdaten\AdobeUM
[2011/08/10 15:27:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Püpsi\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011/08/10 15:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Püpsi\Eigene Dateien\Eigene eBooks
[2011/07/04 14:27:20 | 001,866,752 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\uoxwcimwkx.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/09/06 12:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 12:40:50 | 000,657,416 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/09/06 12:34:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/06 12:31:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/09/06 12:24:38 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 09:05:02 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/06 09:04:57 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/25 03:15:50 | 000,611,294 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/24 03:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2011/08/22 10:40:27 | 000,516,524 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/08/22 10:40:27 | 000,487,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/22 10:40:27 | 000,101,854 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/08/22 10:40:27 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/22 10:22:29 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/22 09:58:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/22 09:26:23 | 000,229,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VMM.sys
[2011/08/21 07:45:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/19 13:20:38 | 000,001,614 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2011/08/19 13:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/09/04 13:58:43 | 2146,488,320 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/19 13:20:38 | 000,001,614 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2011/07/21 01:37:33 | 000,657,416 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/07/04 15:42:12 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0859.old
[2011/07/04 15:42:12 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/07/04 14:27:20 | 000,000,048 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WURM.cfg
[2011/05/24 14:05:12 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2011/01/24 10:00:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/30 15:45:44 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010/12/30 12:09:11 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/12/18 15:19:53 | 000,004,924 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010/12/13 14:11:24 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/12/13 14:11:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/12/13 14:09:38 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/12/13 14:09:37 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/12/13 14:09:34 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/11/17 15:16:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/15 15:03:18 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/08 03:08:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\CBTWlanSrv.exe
[2010/08/04 09:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/04 09:19:49 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/08/04 09:10:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/07/30 14:00:56 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/07 18:12:06 | 000,015,022 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2010/03/07 09:20:27 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 13:35:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/19 14:36:48 | 000,004,366 | ---- | C] () -- C:\WINDOWS\UN090928.INI
[2009/05/05 22:54:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/05/05 22:54:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/04/23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/02/18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009/01/21 03:37:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/01/21 03:32:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/21 03:27:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/21 03:21:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/21 03:20:36 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2004/11/11 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/11/11 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/11/11 08:00:00 | 000,516,524 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/11 08:00:00 | 000,487,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/11 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/11/11 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/11/11 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/11/11 08:00:00 | 000,101,854 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/11 08:00:00 | 000,087,492 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/11 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/11/11 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/11/11 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/11/11 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/11/11 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/11 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/11/11 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/16 12:02:58 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini
[2003/10/15 05:45:12 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvr223A.ini
[2003/09/16 13:31:32 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2003/09/16 13:31:10 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2003/08/06 10:23:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[color=#E56717]========== LOP Check ==========[/color]
[2011/09/06 12:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\-1347845062
[2010/11/15 15:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010/12/18 15:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Carambis
[2010/07/30 14:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint
[2011/05/24 14:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2010/12/18 14:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze
[2010/02/07 04:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2010/11/30 14:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NASNaviator2
[2010/11/15 15:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenCandy
[2010/09/09 11:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Client
[2010/12/18 15:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Uniblue
[2010/12/02 15:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Wireshark
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2010/11/15 15:03:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010/11/19 15:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2010/02/07 04:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011/01/23 08:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2011/09/06 12:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/09/06 12:34:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/06 12:31:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 188 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
< End of report >
|
08.09.2011, 13:25
Baum-Darstellung