| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundestrojaner kein Desktop mehr.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.04.2011, 10:53
| #1 |
| |  Bundestrojaner kein Desktop mehr. Hallo liebe gemeinde, meine mum hat probleme, weil sie sich den bundestrojaner eingefangen hat. Ich habe schon in anderen threats gesehen das es einen lösungsansatz gibt. Zur übersicht habe ich nun einen neuen threat aufgemacht, ich hoffe das ist nicht schlimm, wenn ja dann bitte in den anderen oder in die bestehenden threat verschieben. DAS HABE ICH SCHON GEMACHT: •aufgeführt: hxxp://oldtimer.geekstogo.com/OTLPENet.exe •ausgeführt: und brenne es mit ISOBurner auf eine CD System getsartet und Logfile gespeichert... hier das eine logfile das ich bekommen habe. Ich habe aber auch nur ein bekommen und nicht wie beschrieben zwei ?! Ich hoffe doch das ich da alles richtig gemacht habe. Code:
ATTFilter OTL logfile created on: 4/22/2011 12:23:04 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.87 Gb Total Space | 48.00 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 0.06 Gb Free Space | 1.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (IAANTMON) Intel(R)
SRV - [2011/03/17 17:48:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/18 07:10:08 | 001,053,848 | ---- | M] () [Auto] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2010/11/18 11:58:56 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/27 11:57:32 | 000,247,152 | ---- | M] () [Auto] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/22 17:58:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 15:11:19 | 000,389,120 | R--- | M] () [Auto] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009/04/08 15:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | On_Demand] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | Boot] -- -- (iaStor)
DRV - [2011/03/17 17:48:03 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 00:45:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/05 06:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/05 06:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/05 06:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/05 06:31:28 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/18 23:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2009/08/13 13:27:56 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009/06/08 22:18:16 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/05/28 16:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/05 14:21:52 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/01/10 13:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/23 13:18:32 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 11:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2005/12/22 11:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steph_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Steph_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\Steph_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Steph_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Steph_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKU\Steph_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 09:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/05 08:02:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/10/05 15:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/24 12:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/03/13 12:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions
[2010/03/13 12:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/15 17:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions
[2010/08/14 09:36:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 09:36:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/14 05:09:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/11/14 05:09:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/10/05 15:07:32 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/03/28 14:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/14 13:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Sunbird\Profiles\i5g132j6.default\extensions
[2010/11/14 06:43:13 | 000,000,873 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\obd7xf3d.default\searchplugins\conduit.xml
[2011/04/15 17:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 08:46:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/14 08:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/16 23:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/20 16:56:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/20 12:41:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/20 12:41:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/20 12:41:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/20 12:41:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/20 12:41:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011/03/28 00:28:12 | 000,431,419 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14852 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKU\Steph_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Steph_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Steph_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Steph_ON_C..\Run: [Remote USB Hub] C:\Program Files\Medion\MD 86097 W-LAN Remote USB Hub\RemoteUSBHub.exe (AzureWave Technologies, Inc.)
O4 - HKU\Steph_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steph\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Steph_ON_C Winlogon: Shell - (C:\Users\Steph\AppData\Local\Temp\1npzhgyv.exe) - C:\Users\Steph\AppData\Local\Temp\1npzhgyv.exe (Rksklbux Nvyddrp)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e3c7c422-e6c7-11df-a9be-001dd9f06140}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c7c422-e6c7-11df-a9be-001dd9f06140}\Shell\AutoRun\command - "" = E:\EasySuite.exe
O33 - MountPoints2\{e3c7c479-e6c7-11df-a9be-001dd9f06140}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c7c479-e6c7-11df-a9be-001dd9f06140}\Shell\AutoRun\command - "" = E:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/13 23:49:18 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 23:49:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 23:49:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 23:49:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 23:49:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 23:49:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 23:49:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 23:49:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 23:49:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 23:49:08 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 23:49:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 23:49:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 23:49:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 23:49:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 23:49:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 23:49:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 23:49:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 23:49:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 23:49:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 23:48:56 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 23:48:55 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 23:48:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 23:48:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 23:48:46 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 23:48:45 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/05 18:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/26 02:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/26 02:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/26 02:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/22 04:50:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/22 04:50:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E38995EA-F9A1-4DC7-849C-2AEEAE93A56A}.job
[2011/04/22 04:49:04 | 000,008,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 04:49:04 | 000,008,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 04:39:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/22 04:39:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/22 04:39:05 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/22 04:39:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/16 04:01:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/15 17:25:54 | 000,000,354 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/04/15 00:42:06 | 000,278,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 16:39:41 | 000,105,963 | ---- | M] () -- C:\Users\Steph\Desktop\EntwicklungsgespraecheRaabe.pdf
[2011/04/14 16:22:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/04/13 16:06:25 | 000,016,635 | ---- | M] () -- C:\Users\Steph\Documents\kein resteverwerter.odt
[2011/04/12 15:08:10 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/04/08 15:49:41 | 000,209,763 | ---- | M] () -- C:\Users\Steph\Documents\spracherwerb
[2011/04/07 16:37:38 | 000,010,474 | ---- | M] () -- C:\Users\Steph\Documents\Gmäeß eneir Sutide.odt
[2011/04/06 10:31:52 | 000,038,461 | ---- | M] () -- C:\Users\Steph\Desktop\Adressliste S19a 03 11.pdf
[2011/04/05 08:02:17 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/28 00:28:12 | 000,431,419 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/27 06:31:57 | 000,008,704 | ---- | M] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/26 02:27:11 | 000,001,079 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/26 02:27:11 | 000,001,055 | ---- | M] () -- C:\Users\Steph\Desktop\Spybot - Search & Destroy.lnk
[2011/03/26 02:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/14 16:39:37 | 000,105,963 | ---- | C] () -- C:\Users\Steph\Desktop\EntwicklungsgespraecheRaabe.pdf
[2011/04/13 16:06:21 | 000,016,635 | ---- | C] () -- C:\Users\Steph\Documents\kein resteverwerter.odt
[2011/04/08 15:51:15 | 000,209,763 | ---- | C] () -- C:\Users\Steph\Documents\spracherwerb
[2011/04/07 16:37:36 | 000,010,474 | ---- | C] () -- C:\Users\Steph\Documents\Gmäeß eneir Sutide.odt
[2011/04/06 10:31:52 | 000,038,461 | ---- | C] () -- C:\Users\Steph\Desktop\Adressliste S19a 03 11.pdf
[2011/03/26 02:27:11 | 000,001,079 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/26 02:27:11 | 000,001,055 | ---- | C] () -- C:\Users\Steph\Desktop\Spybot - Search & Destroy.lnk
[2011/02/09 13:50:41 | 000,133,837 | ---- | C] () -- C:\Windows\hpoins14.dat
[2011/02/09 13:50:41 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010/12/23 15:18:13 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2010/12/23 15:18:13 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2010/12/23 15:17:57 | 000,598,016 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2010/12/23 15:17:57 | 000,307,200 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2010/12/23 15:17:57 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2010/12/23 15:17:57 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2010/12/23 15:17:57 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2010/12/23 15:17:57 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2010/12/23 15:17:57 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2010/12/18 07:10:08 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2010/12/02 07:27:04 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/12/02 07:27:04 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/12/02 07:26:51 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/12/02 07:26:50 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2010/12/02 07:26:41 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/02 07:26:02 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd2030.dat
[2010/12/02 07:25:48 | 000,000,354 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/15 11:20:00 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010/08/15 11:20:00 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/08/15 11:20:00 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010/08/10 02:51:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/10 02:51:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/10 02:50:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/28 08:51:49 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/14 09:01:57 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/03/13 12:36:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/02 19:27:48 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/12/20 18:45:57 | 000,008,704 | ---- | C] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 12:34:01 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2009/10/14 07:36:30 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009/10/14 03:30:00 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2009/10/14 03:24:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll
[2009/10/13 19:42:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009/10/13 18:26:05 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2009/10/13 17:34:22 | 000,001,356 | ---- | C] () -- C:\Users\Steph\AppData\Local\d3d9caps.dat
[2009/10/13 17:26:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/11 13:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 13:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 13:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 13:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/02/22 04:14:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/02/22 03:46:00 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 11:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,278,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
========== LOP Check ==========
[2009/10/14 03:13:24 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\1&1
[2010/10/23 11:43:39 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Amazon
[2010/01/03 07:43:40 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Ashampoo Photo Commander 5
[2011/04/05 18:23:06 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Auslogics
[2010/09/26 07:45:26 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\BonkEnc
[2010/08/22 07:42:45 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Bubble
[2010/09/26 05:26:58 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Canneverbe Limited
[2010/09/26 07:22:30 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CocoonSoftware
[2011/04/15 00:44:18 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Dropbox
[2010/11/14 05:09:33 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/10 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\elsterformular
[2009/12/20 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Foxit
[2010/09/19 15:31:36 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Image Zone Express
[2009/10/14 03:16:13 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\OpenOffice.org
[2010/03/14 09:05:52 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\PrimoPDF
[2009/10/31 13:42:58 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Printer Info Cache
[2010/03/13 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Thunderbird
[2011/04/06 14:57:43 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Tobit
[2010/09/20 12:54:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Uniblue
[2010/08/22 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\uTorrent
[2009/10/13 17:32:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/01/03 07:43:16 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2010/12/23 15:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\AVerTV
[2010/09/26 05:26:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/13 17:32:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/04/10 14:38:29 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/10/13 17:32:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/25 11:47:04 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2010/08/09 10:02:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MD 86097 W-LAN Remote USB Hub
[2010/08/09 10:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Medion
[2010/11/28 10:48:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/09/26 07:22:36 | 000,000,000 | ---D | M] -- C:\ProgramData\QuickMediaConverter
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/13 17:32:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/04/13 23:42:46 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/20 12:55:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2009/10/13 17:32:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/12/18 07:10:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\{411234A5-A7C5-4628-A4D3-64C942F8C38C}
[2011/04/16 04:01:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/22 04:50:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E38995EA-F9A1-4DC7-849C-2AEEAE93A56A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:07BF512B
< End of report >
lg lionel |
|
22.04.2011, 11:08
| #2 |
| /// Malware-holic   | Bundestrojaner kein Desktop mehr. auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:
__________________Code:
ATTFilter :OTL
O20 - HKU\Steph_ON_C Winlogon: Shell - (C:\Users\Steph\AppData\Local\Temp\1npzhgyv.exe) - C:\Users\Steph\AppData\Local\Temp\1npzhgyv.exe (Rksklbux Nvyddrp)
:Files
C:\Users\Steph\AppData\Local\Temp\1npzhgyv.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. das archiv nach anleitung hochladen: http://www.trojaner-board.de/54791-a...ner-board.html danach:
__________________ |
|
22.04.2011, 12:10
| #3 |
| | Bundestrojaner kein Desktop mehr. wenn ich die datei laden möchte, dann stürzt das programm ab. Ich kann das fenster noch verschieben, kann aber leider keinen button mehr drücken. Dazu habe ich die datei in den Ordner ram speicher verschoben weil da das programm rankommt. Wenn ich versuche im dateifenster, die datei auf dem usb stick zu koalisieren, dann stürzt das programm ab mit der fehlermedlung:access violation at adress 7CA0C936 in module "shell32.dll" . Read of adress 00000006.
__________________was kann ich denn nun machen ? danke |
|
22.04.2011, 12:13
| #4 |
| /// Malware-holic | Bundestrojaner kein Desktop mehr. das script per hand eintippen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Bundestrojaner kein Desktop mehr. |
| adobe, alternate, antivir, askbar, autorun, avgntflt.sys, avira, bho, bundes, bundestrojaner eingefangen, conduit, converter, defender, desktop, error, explorer, firefox, format, home, hängen, location, logfile, mozilla, mozilla thunderbird, mp3, pdf, plug-in, realtek, reatogo, registry, safer networking, scan, sched.exe, searchplugins, services.exe, software, staropen, start menu, temp, uiexec.exe, vista |
Linear-Darstellung
