Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   OTLPE und bundespolizeitrojaner (https://www.trojaner-board.de/97668-otlpe-bundespolizeitrojaner.html)

welsch01 18.04.2011 21:08
OTLPE und bundespolizeitrojaner
 
Hallo,
mein Name ist Thomas, 50 J.
verfolge schon länger dieses Board und habe mir manchen Tipp hier geholt...
wollte ich auch heute, da ich diesen o.g. Trojaner drauf habe.
dank "markusg" habe ich auch OTLPE geöffnet, bekomme dann aber das Fenster "Browse for Folder" und somit nicht weiter.
Kann mir jemand helfen?
Danke

dreifachpost

doppelpost

hallo,
verfolge auch den anderen threat,
bei mir kommt nach "Windows" aber kein

notify.log,
rkill.log und
OTL.TXT.

wo find ich das ?

danke!

Hallo,
sorry, ich weiß dass doppel- und dreifachfachposts kein guter Einstieg in ein Forum sind...
hatte den Beitrag auf meinem alten Rechner geschrieben der sich beim posten jedesmal scheinbar aufgehangen hatte.Sehe anschließend im Board 3x den gleichen Beitrag.......

kann mir trotzdem jemand helfen??

Danke

markusg 19.04.2011 10:23
wähle mal dort den windows ordner aus.
dann logs posten.

welsch01 19.04.2011 16:14
ich krieg's einfach nicht hochgeladen....
kannst du damit etwas anfangen????

dankeOTL Logfile:
Code:
OTL logfile created on: 4/19/2011 5:13:17 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.07 Gb Total Space | 181.79 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.18% Space Free | Partition Type: FAT32
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/31 05:59:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 11:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/11/26 19:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/15 11:03:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/29 11:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] --  -- (Trufos)
DRV - File not found [Kernel | On_Demand] --  -- (Profos)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/15 11:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/11/22 11:32:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/06 15:46:14 | 000,007,551 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 14:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 17:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 20:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/25 00:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/11/17 06:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Thomas_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/18 14:42:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/16 05:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/04/18 14:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 06:51:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/18 06:51:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/12/28 13:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/07/18 06:51:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/07/18 06:51:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/18 06:51:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/09 07:34:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/09 07:34:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/09 07:34:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/09 07:34:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/09 07:34:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Thomas_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/04/18 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\InstallShield Installation Information
[2011/04/18 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:44 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2011/04/18 14:21:41 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011/04/18 14:21:41 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011/04/18 14:02:55 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sparbuch
[2011/04/18 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl
[2011/04/18 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl Data Service
[2011/04/18 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011/04/18 11:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/16 06:03:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 06:03:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 06:03:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 06:03:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 06:03:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 06:03:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 06:03:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 06:03:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 06:03:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 06:03:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 06:03:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 06:03:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 06:03:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 06:03:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 06:03:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 06:03:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 06:03:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 06:03:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 06:03:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 06:03:11 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 06:03:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 06:03:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 06:03:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 06:02:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 06:02:56 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sony PMB
[2011/04/15 12:19:55 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon(1388).dll
[2011/04/15 12:19:54 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil(1355).dll
[2011/04/15 12:19:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet(1395).dll
[2011/04/15 12:19:46 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi(1338).dll
[2011/04/15 12:19:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr(1340).dll
[2011/04/13 12:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/04/13 12:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/13 12:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\myphotobook.de
[2011/04/13 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/08 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Sony Corporation
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/04 11:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Documents\CyberLink
[2011/03/31 06:06:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 06:06:51 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 06:06:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/31 06:06:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/31 06:06:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/31 06:06:44 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/19 09:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:57:57 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:30:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/19 09:30:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/19 09:30:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/19 09:30:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/19 09:27:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/19 09:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 14:22:14 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Claudia\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:57 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2011/04/18 12:54:03 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/18 12:17:38 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/18 12:16:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/18 12:03:32 | 000,164,314 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/04/16 12:29:18 | 000,037,888 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 10:22:17 | 000,364,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 06:27:54 | 000,011,100 | ---- | M] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2011/04/13 12:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/01 13:46:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/31 11:13:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 06:14:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/31 06:12:55 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/31 06:12:55 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/18 14:21:58 | 000,000,875 | ---- | C] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 13:59:39 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 12:03:29 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/16 13:38:29 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/16 06:27:54 | 000,011,100 | ---- | C] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2010/07/06 15:46:14 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2010/04/17 12:39:49 | 000,000,680 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010/04/11 08:02:46 | 000,164,314 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/11 08:02:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/09 11:17:26 | 000,000,042 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\default.pls
[2010/04/02 06:14:56 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:52:44 | 000,000,645 | ---- | C] () -- C:\Windows\wiso.ini
[2009/09/11 07:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 07:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:50:53 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/08/03 11:36:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/03 11:35:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/13 09:52:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/13 09:52:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 10:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/09 06:50:27 | 000,037,888 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 11:20:30 | 000,000,394 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008/12/17 23:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/12/17 23:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/12/15 02:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/12/09 07:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008/12/09 05:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2008/12/08 18:26:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/12/08 18:26:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/12/08 18:26:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/12/08 18:26:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/12/08 12:21:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,364,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010/09/12 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CheckPoint
[2011/04/08 14:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/18 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/01/27 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011/04/08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010/12/29 05:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2010/01/22 09:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010/08/12 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011/04/13 12:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/02/22 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011/02/21 12:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011/01/01 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010/04/11 08:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009/04/08 11:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011/04/16 05:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011/04/19 09:58:36 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

welsch01 19.04.2011 16:14
ich krieg's einfach nicht hochgeladen....
kannst du damit etwas anfangen????

danke

OTL Logfile:
Code:
OTL logfile created on: 4/19/2011 5:13:17 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.07 Gb Total Space | 181.79 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.18% Space Free | Partition Type: FAT32
Drive F: | 1.90 Gb Total Space | 1.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/31 05:59:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/18 11:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/11/26 19:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/15 11:03:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/29 11:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant7)
DRV - File not found [Kernel | On_Demand] --  -- (Trufos)
DRV - File not found [Kernel | On_Demand] --  -- (Profos)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/15 11:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/11/22 11:32:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/06 15:46:14 | 000,007,551 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\U3sHlpDr.sys -- (U3sHlpDr)
DRV - [2010/05/15 10:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 14:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 17:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 20:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/25 00:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/11/17 06:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\Claudia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKU\Thomas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Thomas_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/18 14:42:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/09 07:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/16 05:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/04/18 14:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 06:51:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Program Files\Mozilla Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/18 06:51:35 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Program Files\Mozilla Firefox\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010/12/28 13:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/07/18 06:51:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Program Files\Mozilla Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/07/18 06:51:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/18 06:51:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Program Files\Mozilla Firefox\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2009/07/18 06:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/09 07:34:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/09 07:34:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/09 07:34:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/09 07:34:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/09 07:34:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Thomas_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Thomas_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/04/18 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/04/18 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\InstallShield Installation Information
[2011/04/18 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:44 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2011/04/18 14:21:41 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011/04/18 14:21:41 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011/04/18 14:02:55 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sparbuch
[2011/04/18 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl
[2011/04/18 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Buhl Data Service
[2011/04/18 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011/04/18 11:01:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/16 06:03:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 06:03:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 06:03:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 06:03:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 06:03:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 06:03:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 06:03:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 06:03:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 06:03:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 06:03:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 06:03:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 06:03:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 06:03:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 06:03:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 06:03:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 06:03:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 06:03:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 06:03:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 06:03:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 06:03:11 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 06:03:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 06:03:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 06:03:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 06:02:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 06:02:56 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\Sony PMB
[2011/04/15 12:19:55 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon(1388).dll
[2011/04/15 12:19:54 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil(1355).dll
[2011/04/15 12:19:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet(1395).dll
[2011/04/15 12:19:46 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi(1338).dll
[2011/04/15 12:19:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr(1340).dll
[2011/04/13 12:12:32 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/04/13 12:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/13 12:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\myphotobook.de
[2011/04/13 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/08 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Sony Corporation
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2011/04/08 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/04 11:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Thomas\Documents\CyberLink
[2011/03/31 06:06:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 06:06:51 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 06:06:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/31 06:06:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/31 06:06:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/31 06:06:44 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/19 09:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:58:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 09:57:57 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:30:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/19 09:30:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/19 09:30:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/19 09:30:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/19 09:27:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/19 09:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 14:22:14 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Claudia\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,875 | ---- | M] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2011/04/18 14:21:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/04/18 14:21:57 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2011/04/18 12:54:03 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/18 12:17:38 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/18 12:16:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/18 12:03:32 | 000,164,314 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/04/16 12:29:18 | 000,037,888 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 10:22:17 | 000,364,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 06:27:54 | 000,011,100 | ---- | M] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2011/04/13 12:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de
[2011/04/01 13:46:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/31 11:13:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 06:14:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/31 06:12:55 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/31 06:12:55 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/31 05:59:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/18 14:21:58 | 000,000,875 | ---- | C] () -- C:\Users\Thomas\Desktop\ZoneAlarm Security.lnk
[2011/04/18 13:59:39 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 12:03:29 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2011/04/16 13:38:29 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-Thomas-Startup.job
[2011/04/16 06:27:54 | 000,011,100 | ---- | C] () -- C:\Users\Thomas\Documents\hijackthis 2
[2011/04/13 12:12:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\myphotobook.de.lnk
[2010/07/06 15:46:14 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2010/04/17 12:39:49 | 000,000,680 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2010/04/11 08:02:46 | 000,164,314 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/11 08:02:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/09 11:17:26 | 000,000,042 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\default.pls
[2010/04/02 06:14:56 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:52:44 | 000,000,645 | ---- | C] () -- C:\Windows\wiso.ini
[2009/09/11 07:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 07:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:50:53 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/08/03 11:36:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/03 11:35:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/13 09:52:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/13 09:52:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 10:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/09 06:50:27 | 000,037,888 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 11:20:30 | 000,000,394 | -H-- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008/12/17 23:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/12/17 23:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/12/15 02:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/12/09 07:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008/12/09 05:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2008/12/08 18:26:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/12/08 18:26:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/12/08 18:26:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/12/08 18:26:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/12/08 12:21:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,364,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010/09/12 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CheckPoint
[2011/04/08 14:39:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Image Zone Express
[2011/04/18 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LSoft Technologies
[2011/01/27 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2011/04/08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Printer Info Cache
[2010/12/29 05:39:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2010/01/22 09:52:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service
[2010/08/12 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CheckPoint
[2011/04/13 12:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/02/22 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011/02/21 12:15:26 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011/01/01 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2010/04/11 08:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2009/04/08 11:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2011/04/16 05:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011/04/19 09:58:36 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 09:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/04/19 09:27:51 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Thomas-Startup.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

markusg 19.04.2011 16:26
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

Code:
:OTL
O20 - HKU\Thomas_ON_C Winlogon: Shell - (C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe) - C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe (Wxpekwgc Nfnsy)
:Files
C:\Users\Thomas\AppData\Local\Temp\5av8gydf.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
das archiv nach anleitung hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html

markusg 19.04.2011 17:24
ich wollte nicht die otl.txt lies bitte was da eindeutig steht.

welsch01 19.04.2011 17:53
hallo markusg,
erstmal vielen dank für Deine Hilfe und Deine Geduld!
Bin jetzt wieder auf meinem Account, doch so ganz ist das Thema, glaube ich noch nicht erledigt....
nach dem fixen wurde ich gefragt ob der PC neu gestartet werden soll, was ich bestätigte.
das Programm blieb jedoch offen (keine Rückmeldung), ich schloss es manuell.
Beim Neustart kam ich sofort wieder auf meinen Account, aber die otl.txt Seite öffnete sich nicht. Auch die _OTL kann ich unter C nicht finden, nur die Anwendung ist da eingetragen.
größeres Problem???

Gruß Thomas

markusg 19.04.2011 18:08
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

welsch01 19.04.2011 18:26
dauert wohl noch etwas......

dafür ist 'ne kleine Spende auf dem Weg ;-))

markusg 19.04.2011 18:44
danke.
bitte unterlasse aber solche posts wie
"dauert aber"
das sparrt dir zeit, und ich muss nicht extra hier rein schauen :-)

welsch01 19.04.2011 18:52
so, jetzt komm ich aber in kein programm mehr rein!!??
es erscheint ei Fenster :Z.B C:/ProgrammFiles/Mozilla Firefox/firefox.exe

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen,der zum Löschen markiert wurde.



Hiiilfe,das bei jedem Program!!!

markusg 19.04.2011 18:57
neustarten dann gehts

welsch01 19.04.2011 18:58
sorry, war ja nicht bös gemeint...

jetz hab ich aber ein richtiges Problem:
kann gar kein Programm mehr starten, immer erscheint die Meldung:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Hiiilfe

welsch01 19.04.2011 19:05
war mal wieder zu ungeduldig...
hier das combo log
Combofix Logfile:
Code:
ComboFix 11-04-19.01 - Thomas 20.04.2011  0:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.2064 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-19 bis 2011-04-19  ))))))))))))))))))))))))))))))
.
.
2011-04-20 03:31 . 2011-03-06 22:12        2234368        ----a-r-        C:\OTLPE.exe
2011-04-20 03:29 . 2011-04-20 03:29        --------        d-----w-        C:\_OTL
2011-04-19 22:32 . 2011-04-19 22:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32        --------        d-----w-        c:\users\Claudia\AppData\Local\temp
2011-04-19 22:32 . 2011-04-19 22:32        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2011-04-19 22:16 . 2011-04-19 22:17        --------        d-----w-        C:\32788R22FWJFW
2011-04-18 18:53 . 2011-04-18 18:53        --------        d-----w-        c:\users\Claudia\AppData\Roaming\LSoft Technologies
2011-04-18 18:53 . 2011-04-18 18:53        --------        d-----w-        c:\users\Claudia\AppData\Roaming\InstallShield Installation Information
2011-04-18 18:21 . 2011-04-18 18:21        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Avira
2011-04-18 18:21 . 2011-02-18 15:28        69120        ----a-w-        c:\windows\system32\zlcomm.dll
2011-04-18 18:21 . 2011-02-18 15:28        104448        ----a-w-        c:\windows\system32\zlcommdb.dll
2011-04-18 18:01 . 2011-04-18 18:02        --------        d-----w-        c:\users\Claudia\AppData\Local\Buhl
2011-04-18 18:01 . 2011-04-18 18:01        --------        d-----w-        c:\users\Claudia\AppData\Local\Buhl Data Service
2011-04-18 15:16 . 2011-04-18 15:16        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Malwarebytes
2011-04-18 15:01 . 2011-04-18 15:01        --------        d-----w-        c:\windows\Sun
2011-04-16 10:02 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-16 10:02 . 2011-02-17 06:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-16 10:00 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-15 16:19 . 2011-02-22 06:21        1210880        ----a-w-        c:\windows\system32\urlmon(1388).dll
2011-04-15 16:19 . 2011-02-22 06:21        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-04-15 16:19 . 2011-02-22 06:21        916480        ----a-w-        c:\windows\system32\wininet(1395).dll
2011-04-15 16:19 . 2011-02-22 06:16        1991680        ----a-w-        c:\windows\system32\iertutil(1355).dll
2011-04-15 16:19 . 2011-03-02 15:44        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-15 16:19 . 2011-03-02 15:44        86528        ----a-w-        c:\windows\system32\dnsrslvr(1340).dll
2011-04-15 16:19 . 2011-03-02 15:44        168448        ----a-w-        c:\windows\system32\dnsapi(1338).dll
2011-04-13 16:12 . 2011-04-13 16:12        --------        d--h--w-        c:\users\Thomas\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2011-04-13 16:11 . 2011-04-13 16:11        --------        d-----w-        c:\program files\myphotobook.de
2011-04-13 16:11 . 2011-04-13 16:11        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2011-04-08 18:40 . 2011-04-08 18:40        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Sony Corporation
2011-04-08 18:39 . 2011-04-08 18:39        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Image Zone Express
2011-04-08 18:39 . 2011-04-08 18:39        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Printer Info Cache
2011-03-31 10:06 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-31 10:06 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-31 10:06 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-31 10:06 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\system32\sbe.dll
2011-03-31 10:06 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-31 10:06 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-31 10:06 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-31 10:06 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-31 10:06 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 09:59 . 2009-04-10 23:17        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-18 15:28 . 2010-08-12 13:39        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2011-02-18 15:28 . 2010-08-12 13:38        1238528        ----a-w-        c:\windows\system32\zpeng25.dll
2011-02-02 16:11 . 2009-10-09 11:48        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 16:13        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 16:13        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 16:13        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 16:13        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 16:13        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 16:13        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 16:13        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 16:13        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 16:13        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 16:13        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 16:13        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 16:13        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 16:13        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 16:13        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 16:13        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 16:13        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 16:13        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 16:13        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 16:13        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 16:13        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 16:13        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 16:13        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 16:13        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 16:13        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 16:13        683008        ----a-w-        c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50        2517088        ----a-w-        c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"BsMnt"="c:\program files\BisonCam\BsMnt.exe" [2008-11-03 217088]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ALDI_SUED_FotoSuite_Download"="c:\program files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-1-27 1224304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-15 135336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:01]
.
2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-04-16 04:43]
.
2011-04-19 c:\windows\Tasks\WebReg Officejet 5600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ler29hml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Nachrichten - Service - Shopping bei t-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{488cc790-b879-4329-b57c-2f4ad6c146e6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6998b588-4bdb-4d44-9e40-8c46d677b31b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100015af
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c739a3c4-8d8c-43a1-b681-730324ca0703}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ced3874c-5ea8-4050-9d42-9731b9564d21}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001f16
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d60f1b53-5c1f-49c8-b316-3b5b617e80c5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(3160)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-20  00:43:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-19 22:43
.
Vor Suchlauf: 9 Verzeichnis(se), 200.534.413.312 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 200.125.399.040 Bytes frei
.
- - End Of File - - 4C5AD0CF2B4F90E906A1CE72EABDF941
--- --- ---

markusg 19.04.2011 19:28
und schau mal was meine müden augen sehen:
C:\_OTL
das was ich haben wollte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:27 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129