OTLPE und bundespolizeitrojaner

welsch01 · 19.04.2011, 19:37

ob's du's glaubst oder nicht: war vorhin nicht da ?? aber jetzt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.04.2011 23:42:22 - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = C:\
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 187,03 Gb Free Space | 67,26% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,84 Gb Free Space | 44,18% Space Free | Partition Type: FAT32
 
Computer Name: THOMAS-PC | User Name: Thomas
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.31 11:59:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.11.15 17:03:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] --  -- (Trufos)
DRV - File not found [Kernel | On_Demand] --  -- (Profos)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011.03.31 11:59:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.11.22 17:32:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.06 21:46:14 | 000,007,551 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 20:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.21 23:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 02:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.25 06:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.31 18:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.17 12:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-2291480634-4272144294-1738126718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.04.18 20:42:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.09 13:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.09 13:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.16 11:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.11.01 15:00:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.11.01 15:00:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.18 20:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ler29hml.default\extensions
[2011.04.16 11:44:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ler29hml.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 11:44:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ler29hml.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.16 11:44:30 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ler29hml.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2010.06.15 00:31:50 | 000,000,943 | -H-- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ler29hml.default\searchplugins\conduit.xml
[2011.04.18 20:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.18 12:51:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Programme\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.07.18 12:51:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Programme\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.12.28 19:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.07.18 12:51:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Programme\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009.07.18 12:51:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Programme\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.07.18 12:51:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Programme\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.07.18 12:51:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009.07.18 12:51:29 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009.07.18 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009.07.18 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009.07.18 12:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009.07.18 12:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2011.04.18 20:42:08 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010.12.28 19:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.09 13:34:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 13:34:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.09 13:34:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.09 13:34:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.09 13:34:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2291480634-4272144294-1738126718-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2291480634-4272144294-1738126718-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 05:31:12 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.04.20 05:29:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.19 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\WinRAR
[2011.04.18 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011.04.18 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011.04.18 20:53:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\InstallShield Installation Information
[2011.04.18 20:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011.04.18 20:21:44 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2011.04.18 20:02:55 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sparbuch
[2011.04.18 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl
[2011.04.18 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl Data Service
[2011.04.18 17:16:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011.04.18 17:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.15 18:47:57 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sony PMB
[2011.04.13 18:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.04.13 18:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011.04.13 18:11:56 | 000,000,000 | ---D | C] -- C:\Programme\myphotobook.de
[2011.04.13 18:11:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.04.08 20:40:20 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Sony Corporation
[2011.04.08 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2011.04.08 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011.04.04 17:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Documents\CyberLink
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 23:44:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.04.19 23:41:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.19 23:41:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.19 23:41:58 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.19 23:41:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.19 23:38:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 23:38:06 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011.04.19 23:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 23:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 23:35:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.19 23:34:54 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.19 20:11:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 18:03:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011.04.18 20:22:14 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.04.18 20:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011.04.18 20:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Claudia\Desktop\ZoneAlarm Security.lnk
[2011.04.18 20:21:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011.04.18 20:21:57 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2011.04.18 18:16:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.18 18:03:32 | 000,164,314 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.04.16 18:29:18 | 000,037,888 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 16:22:17 | 000,364,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.16 12:27:54 | 000,011,100 | ---- | M] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011.04.13 18:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011.04.01 19:46:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.03.31 12:14:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.03.31 12:12:55 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.31 11:59:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2011.04.18 20:21:58 | 000,000,875 | ---- | C] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011.04.18 19:59:39 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.18 18:03:29 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011.04.16 19:38:29 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011.04.16 12:27:54 | 000,011,100 | ---- | C] () -- C:\Users\Thomas\Documents\hijackthis 2
[2010.07.06 21:46:14 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2010.04.17 18:39:49 | 000,000,680 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010.04.11 14:02:46 | 000,164,314 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.04.11 14:02:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.04.09 17:17:26 | 000,000,042 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\default.pls
[2010.04.02 12:14:56 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 15:52:44 | 000,000,645 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.11 13:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 13:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 17:36:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.03 17:35:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.04.13 15:52:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.13 15:52:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.09 16:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.09 12:50:27 | 000,037,888 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.08 17:20:30 | 000,000,394 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008.12.18 05:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.12.18 05:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.12.15 08:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.12.09 13:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008.12.09 11:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2008.12.09 00:26:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.12.09 00:26:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.12.09 00:26:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.12.09 00:26:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.12.08 18:21:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,364,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.01.22 15:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010.08.12 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011.04.13 18:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.02.22 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011.02.21 18:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011.01.01 18:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010.04.11 14:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009.04.08 17:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011.04.16 11:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2010.09.12 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CheckPoint
[2011.04.08 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011.04.18 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011.01.27 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011.04.08 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010.12.29 11:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2011.04.19 20:47:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.19 23:44:59 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.04.19 23:38:06 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

OTLPE und bundespolizeitrojaner

Plagegeister aller Art und deren Bekämpfung: OTLPE und bundespolizeitrojaner

OTLPE und bundespolizeitrojaner

Ähnliche Themen: OTLPE und bundespolizeitrojaner