
Pests of all kinds and how to fight them: OTLPE and Bundespolizei trojan

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

18.04.2011, 21:08   #1
welsch01
 
OTLPE and Bundespolizei trojan



Hello,
my name is Thomas, 50 years old.
I have been following this board for a while and have picked up many a tip here...
I wanted to do so today as well, since I have the above-mentioned trojan on my machine.
Thanks to "markusg" I also got OTLPE opened, but then I get the "Browse for Folder" window and can't get any further.
Can anyone help me?
Thanks

triple post

double post

Hello,
I am also following the other thread,
but after "Windows" I don't get a

notify.log,
rkill.log or
OTL.TXT.

Where do I find them?

Thanks!

Hello,
sorry, I know that double and triple posts are not a good start in a forum...
I had written the post on my old computer, which apparently hung every time I posted. Afterwards I saw the same post 3x in the board.......

Can someone still help me??

Thanks

19.04.2011, 10:23   #2
markusg
/// Malware-holic
 
OTLPE and Bundespolizei trojan



Select the Windows folder there.
Then post the logs.

19.04.2011, 16:14   #3
welsch01
 
OTLPE and Bundespolizei trojan



I just can't get it uploaded....
Can you do anything with this????

Thanks

OTL Logfile:
Code:
OTL logfile created on: 4/19/2011 5:13:17 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.07 Gb Total Space | 181.79 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.18% Space Free | Partition Type: FAT32
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/31 05:59:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 11:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/11/26 19:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/15 11:03:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/29 11:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] --  -- (Trufos)
DRV - File not found [Kernel | On_Demand] --  -- (Profos)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/15 11:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/11/22 11:32:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/06 15:46:14 | 000,007,551 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 14:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 17:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 20:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/25 00:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/11/17 06:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Thomas_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/18 14:42:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/16 05:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/04/18 14:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 06:51:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/18 06:51:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/12/28 13:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/07/18 06:51:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/07/18 06:51:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/18 06:51:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/09 07:34:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/09 07:34:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/09 07:34:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/09 07:34:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/09 07:34:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Thomas_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/04/18 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\InstallShield Installation Information
[2011/04/18 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:44 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2011/04/18 14:21:41 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011/04/18 14:21:41 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011/04/18 14:02:55 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sparbuch
[2011/04/18 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl
[2011/04/18 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl Data Service
[2011/04/18 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011/04/18 11:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/16 06:03:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 06:03:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 06:03:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 06:03:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 06:03:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 06:03:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 06:03:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 06:03:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 06:03:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 06:03:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 06:03:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 06:03:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 06:03:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 06:03:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 06:03:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 06:03:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 06:03:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 06:03:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 06:03:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 06:03:11 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 06:03:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 06:03:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 06:03:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 06:02:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 06:02:56 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sony PMB
[2011/04/15 12:19:55 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon(1388).dll
[2011/04/15 12:19:54 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil(1355).dll
[2011/04/15 12:19:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet(1395).dll
[2011/04/15 12:19:46 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi(1338).dll
[2011/04/15 12:19:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr(1340).dll
[2011/04/13 12:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/04/13 12:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/13 12:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\myphotobook.de
[2011/04/13 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/08 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Sony Corporation
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/04 11:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Documents\CyberLink
[2011/03/31 06:06:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 06:06:51 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 06:06:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/31 06:06:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/31 06:06:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/31 06:06:44 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/19 09:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:57:57 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:30:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/19 09:30:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/19 09:30:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/19 09:30:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/19 09:27:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/19 09:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 14:22:14 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Claudia\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:57 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2011/04/18 12:54:03 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/18 12:17:38 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/18 12:16:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/18 12:03:32 | 000,164,314 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/04/16 12:29:18 | 000,037,888 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 10:22:17 | 000,364,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 06:27:54 | 000,011,100 | ---- | M] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2011/04/13 12:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/01 13:46:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/31 11:13:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 06:14:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/31 06:12:55 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/31 06:12:55 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/18 14:21:58 | 000,000,875 | ---- | C] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 13:59:39 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 12:03:29 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/16 13:38:29 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/16 06:27:54 | 000,011,100 | ---- | C] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2010/07/06 15:46:14 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2010/04/17 12:39:49 | 000,000,680 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010/04/11 08:02:46 | 000,164,314 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/11 08:02:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/09 11:17:26 | 000,000,042 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\default.pls
[2010/04/02 06:14:56 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:52:44 | 000,000,645 | ---- | C] () -- C:\Windows\wiso.ini
[2009/09/11 07:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 07:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:50:53 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/08/03 11:36:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/03 11:35:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/13 09:52:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/13 09:52:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 10:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/09 06:50:27 | 000,037,888 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 11:20:30 | 000,000,394 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008/12/17 23:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/12/17 23:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/12/15 02:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/12/09 07:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008/12/09 05:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2008/12/08 18:26:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/12/08 18:26:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/12/08 18:26:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/12/08 18:26:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/12/08 12:21:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,364,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010/09/12 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CheckPoint
[2011/04/08 14:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/18 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/01/27 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011/04/08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010/12/29 05:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2010/01/22 09:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010/08/12 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011/04/13 12:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/02/22 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011/02/21 12:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011/01/01 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010/04/11 08:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009/04/08 11:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011/04/16 05:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011/04/19 09:58:36 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---
__________________

[2011/04/08 14:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/18 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/01/27 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011/04/08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010/12/29 05:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2010/01/22 09:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010/08/12 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011/04/13 12:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/02/22 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011/02/21 12:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011/01/01 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010/04/11 08:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009/04/08 11:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011/04/16 05:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011/04/19 09:58:36 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job
 
========== Purity Check ==========
 
 
< End of report >

Old 19.04.2011, 16:26   #5
markusg
/// Malware-holic

OTLPE und bundespolizeitrojaner - Standard

OTLPE und bundespolizeitrojaner

On your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste this in:

Code:
:OTL
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
:Files
C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         
Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open the otl.txt,
please post the log.

Open Computer, open C:, then _OTL.
There, right-click on moved files
and choose add to moved files.rar or zip.
Upload the archive following the instructions:
http://www.trojaner-board.de/54791-a...ner-board.html

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
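The fix above targets the Winlogon Shell entry that OTL reported as an O20 line: the shell had been replaced by a dropped executable in the user's Temp folder, which is exactly how a lock-screen "Bundespolizei" infection takes over the desktop. As an added example that is not code from this thread or from OTL's author, the Python script below parses O20 Winlogon Shell lines from an OTL log, flags any shell that is not explorer.exe, and writes an OTL fix script in the same section layout as the fix.txt above; the sample log lines, the expected-shell list and the suspicious-directory list are constructed assumptions.

```python
import re

# Shape of an O20 Winlogon line as OTL prints it (modelled on the thread's log):
#   O20 - <hive> Winlogon: Shell - (<registry value>) - <resolved path> (<company>)
O20_SHELL = re.compile(
    r"^(?P<line>O20 - (?P<hive>HK\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?)\s*$"
)

# The only values a stock Windows install uses for the Winlogon Shell (assumed).
EXPECTED_SHELL = ("explorer.exe", r"c:\windows\explorer.exe")

# Directories a legitimate shell never lives in (assumed list for this example;
# lowercase, most specific first, with surrounding backslashes).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\appdata\\roaming\\")

# Constructed sample log: one clean machine-wide entry, the per-user entry as it
# appears in the thread, and an unrelated O4 line the parser must ignore.
SAMPLE_LOG = r"""
========== Standard Registry (SafeList) ==========
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""


def parse_o20_shell(log_text):
    """Return one dict (line, hive, value, path, company) per O20 Shell entry."""
    entries = []
    for raw in log_text.splitlines():
        m = O20_SHELL.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def hijack_reason(entry):
    """None for the expected explorer.exe shell, otherwise a short reason string."""
    value = entry["value"].strip().lower()
    if value in EXPECTED_SHELL:
        return None
    path = entry["path"].strip().lower()
    for d in SUSPICIOUS_DIRS:
        if d in path:
            return "shell points into %s" % d
    return "shell is not explorer.exe"


def build_fix(entries):
    """Build an OTL fix script in the layout of the fix.txt posted in the thread:
    the offending log lines under :OTL, the dropped binaries under :Files, then
    the cleanup commands. Returns an empty string when nothing is hijacked."""
    bad = [e for e in entries if hijack_reason(e)]
    if not bad:
        return ""
    files = []
    for e in bad:                       # de-duplicate dropped file paths
        if e["path"] not in files:
            files.append(e["path"])
    script = [":OTL", *[e["line"] for e in bad],
              ":Files", *files,
              ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]
    return "\n".join(script) + "\n"


if __name__ == "__main__":
    found = parse_o20_shell(SAMPLE_LOG)
    for e in found:
        print("%-16s %s -> %s" % (e["hive"], e["value"], hijack_reason(e) or "ok"))
    print(build_fix(found), end="")
```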

Old 19.04.2011, 17:24   #6
markusg
/// Malware-holic

I didn't want the otl.txt; please read what it clearly says there.

Old 19.04.2011, 17:53   #7
welsch01

Hello markusg,
first of all, thank you very much for your help and your patience!
I'm back on my account now, but I don't think the matter is fully resolved yet....
After the fix I was asked whether the PC should be restarted, which I confirmed.
However, the program stayed open (no response), so I closed it manually.
On restart I got straight back into my account, but the otl.txt page did not open. I also cannot find _OTL under C:, only the application is listed there.
Bigger problem???

Regards, Thomas

Old 19.04.2011, 18:08   #8
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Old 19.04.2011, 18:26   #9
welsch01

It'll probably take a little longer......

In the meantime, a small donation is on its way ;-))

Last edited by welsch01 (19.04.2011 at 18:30) Reason: thanks

Old 19.04.2011, 18:44   #10
markusg
/// Malware-holic

Thanks.
But please refrain from posts like
"it'll take a while"
That saves you time, and I don't have to look in here unnecessarily :-)

Old 19.04.2011, 18:52   #11
welsch01

So, now I can't get into any program anymore!!??
A window appears, e.g.: C:/ProgrammFiles/Mozilla Firefox/firefox.exe

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Heeelp, this happens with every program!!!

Old 19.04.2011, 18:57   #12
markusg
/// Malware-holic

Restart, then it works.

Old 19.04.2011, 18:58   #13
welsch01

Sorry, no offence meant...

But now I have a real problem:
I can't start any program at all anymore; the message always appears:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Heeelp

Old 19.04.2011, 19:05   #14
welsch01

I was too impatient again...
Here is the Combo log
ComboFix logfile:
Code:
ComboFix 11-04-19.01 - Thomas 20.04.2011   0:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2064 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-19 bis 2011-04-19  ))))))))))))))))))))))))))))))
.
.
2011-04-20 03:31 . 2011-03-06 22:12	2234368	----a-r-	C:\OTLPE.exe
2011-04-20 03:29 . 2011-04-20 03:29	--------	d-----w-	C:\_OTL
2011-04-19 22:32 . 2011-04-19 22:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-04-19 22:16 . 2011-04-19 22:17	--------	d-----w-	C:\32788R22FWJFW
2011-04-18 18:53 . 2011-04-18 18:53	--------	d-----w-	c:\users\Claudia\AppData\Roaming\LSoft Technologies
2011-04-18 18:53 . 2011-04-18 18:53	--------	d-----w-	c:\users\Claudia\AppData\Roaming\InstallShield Installation Information
2011-04-18 18:21 . 2011-04-18 18:21	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Avira
2011-04-18 18:21 . 2011-02-18 15:28	69120	----a-w-	c:\windows\system32\zlcomm.dll
2011-04-18 18:21 . 2011-02-18 15:28	104448	----a-w-	c:\windows\system32\zlcommdb.dll
2011-04-18 18:01 . 2011-04-18 18:02	--------	d-----w-	c:\users\Claudia\AppData\Local\Buhl
2011-04-18 18:01 . 2011-04-18 18:01	--------	d-----w-	c:\users\Claudia\AppData\Local\Buhl Data Service
2011-04-18 15:16 . 2011-04-18 15:16	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Malwarebytes
2011-04-18 15:01 . 2011-04-18 15:01	--------	d-----w-	c:\windows\Sun
2011-04-16 10:02 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-16 10:02 . 2011-02-17 06:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-16 10:00 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-15 16:19 . 2011-02-22 06:21	1210880	----a-w-	c:\windows\system32\urlmon(1388).dll
2011-04-15 16:19 . 2011-02-22 06:21	916480	----a-w-	c:\windows\system32\wininet.dll
2011-04-15 16:19 . 2011-02-22 06:21	916480	----a-w-	c:\windows\system32\wininet(1395).dll
2011-04-15 16:19 . 2011-02-22 06:16	1991680	----a-w-	c:\windows\system32\iertutil(1355).dll
2011-04-15 16:19 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-15 16:19 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr(1340).dll
2011-04-15 16:19 . 2011-03-02 15:44	168448	----a-w-	c:\windows\system32\dnsapi(1338).dll
2011-04-13 16:12 . 2011-04-13 16:12	--------	d--h--w-	c:\users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2011-04-13 16:11 . 2011-04-13 16:11	--------	d-----w-	c:\program files\myphotobook.de
2011-04-13 16:11 . 2011-04-13 16:11	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2011-04-08 18:40 . 2011-04-08 18:40	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Sony Corporation
2011-04-08 18:39 . 2011-04-08 18:39	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Image Zone Express
2011-04-08 18:39 . 2011-04-08 18:39	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Printer Info Cache
2011-03-31 10:06 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-31 10:06 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-31 10:06 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-03-31 10:06 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-31 10:06 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-31 10:06 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-31 10:06 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-31 10:06 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-31 10:06 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 09:59 . 2009-04-10 23:17	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-18 15:28 . 2010-08-12 13:39	46592	----a-w-	c:\windows\system32\vsutil_loc0407.dll
2011-02-18 15:28 . 2010-08-12 13:38	1238528	----a-w-	c:\windows\system32\zpeng25.dll
2011-02-02 16:11 . 2009-10-09 11:48	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 16:13	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 16:13	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 16:13	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 16:13	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 16:13	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 16:13	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 16:13	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 16:13	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 16:13	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 16:13	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 16:13	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 16:13	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 16:13	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 16:13	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 16:13	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 16:13	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 16:13	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 16:13	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 16:13	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 16:13	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 16:13	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 16:13	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 16:13	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 16:13	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 16:13	683008	----a-w-	c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50	2517088	----a-w-	c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"BsMnt"="c:\program files\BisonCam\BsMnt.exe" [2008-11-03 217088]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ALDI_SUED_FotoSuite_Download"="c:\program files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-1-27 1224304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-15 135336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-04-16 04:43]
.
2011-04-19 c:\windows\Tasks\WebReg Officejet 5600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ler29hml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Nachrichten - Service - Shopping bei t-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{488cc790-b879-4329-b57c-2f4ad6c146e6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6998b588-4bdb-4d44-9e40-8c46d677b31b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100015af
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c739a3c4-8d8c-43a1-b681-730324ca0703}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ced3874c-5ea8-4050-9d42-9731b9564d21}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001f16
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d60f1b53-5c1f-49c8-b316-3b5b617e80c5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(3160)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-20  00:43:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-19 22:43
.
Vor Suchlauf: 9 Verzeichnis(se), 200.534.413.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 200.125.399.040 Bytes frei
.
- - End Of File - - 4C5AD0CF2B4F90E906A1CE72EABDF941

Old 19.04.2011, 19:28   #15
markusg
/// Malware-holic

And look what my tired eyes see:
C:\_OTL
That's what I wanted.
