
Log analysis and evaluation: BKA Trojan

If you have picked up a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
27.09.2011, 07:11   #1
bismosa

BKA Trojan
Hello!

I have a colleague's computer here that is infected with the BKA virus.

I did a full scan of the system with a current AntiVir boot CD, and it did record a number of detections:
Code:
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
WARNING: [This key has expired] Initialization


engine set:         8.2.6.68
VDF Version:        7.11.15.30
update service:     unavailable!
Scan start time: Mon Sep 26 11:47:01 2011
configuration file: /etc/avira/scancl.conf
ALERT: [Java/Exdoer.FP.2] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/12/30e962cc-63a0feb8 --> mail/Cid.class <<< Contains signature of the Java virus JAVA/Exdoer.FP.2 [archive scan abort]


ALERT: [TR/Ransom.DU.52] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/27/61508c9b-3c0c9d90 <<< Is the Trojan horse TR/Ransom.DU.52 [deleted]


ALERT: [EXP/2010-0840.AM] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/40/4f136a68-610dce92 --> buildService/MailAgent.class <<< Contains signature of the exploits EXP/2010-0840.AM [archive scan abort]


ALERT: [TR/Gendal.kdv.360534] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/47/c07bdaf-2493ef67 <<< Is the Trojan horse TR/Gendal.kdv.360534 [deleted]


ALERT: [JS/Agent.YA.1] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Lokale Einstellungen/Temporary Internet Files/Content.IE5/0KBDY5Y3/main[1].htm <<< Contains signature of the Java script virus JS/Agent.YA.1 [deleted]


ALERT: [EXP/Pidief.zak] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Lokale Einstellungen/Temporary Internet Files/Content.IE5/2JH40MR0/18d80[1].pdf <<< Contains signature of the exploits EXP/Pidief.zak [deleted]


ALERT: [EXP/2010-3552.E] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Lokale Einstellungen/Temporary Internet Files/Content.IE5/2JH40MR0/showthreat[1].htm <<< Contains signature of the exploits EXP/2010-3552.E [deleted]


ALERT: [JS/Agent.ajs] /media/Devices/sda1/Dokumente und Einstellungen/NetworkService/Lokale Einstellungen/Temporary Internet Files/Content.IE5/DE54FGXU/forum[1].htm <<< Contains signature of the Java script virus JS/Agent.ajs [deleted]


ALERT: [TR/Drop.Sirefef.B.762] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/1.exe <<< Is the Trojan horse TR/Drop.Sirefef.B.762 [deleted]


ALERT: [JS/Dldr.Small.AV] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/1.js <<< Contains signature of the Java script virus JS/Dldr.Small.AV [deleted]


ALERT: [TR/Crypt.ZPACK.Gen2] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/Adobe/plugs/mmc176857500.txt <<< Is the Trojan horse TR/Crypt.ZPACK.Gen2 [deleted]


ALERT: [TR/Agent.57344.287] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/Adobe/plugs/mmc176868687.txt <<< Is the Trojan horse TR/Agent.57344.287 [deleted]


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/021ACF16-B511-480C-8452-A9B5B44B16F4/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/0CAE36B9-2F53-4D1B-8F5B-CAAF207A9DD8/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/35AA2005-6AA6-4DD0-8574-3F0B68965F6B/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/41A38A3C-3AC1-4FB9-B954-86EBE46596F7/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/C1A59315-E86C-4DD9-9C88-1A9B205B8DAF/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/D3AAE88B-490F-443A-92AE-6A87B426BFB4/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/DD76F126-F74D-4A9C-BB3D-0128DC139B4D/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/F3F0FE29-ACDE-45DE-8AB3-55F1AD9FA569/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/5BFA70DD-3788-4B4B-89EF-385680506BF0/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/7207E74E-7780-4C0C-A5E4-88B4DF03E648/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/75D73B55-1C14-4EE3-B645-13AC7C8BC51D/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/83BF4069-2F63-47C8-9DF2-FE9DABAC2988/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/844DBF3E-6170-441B-B095-C5F2AF5400F2/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/B02F9D0E-74A3-4FF4-BA55-30AA3FD3CA02/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/B3785413-4608-4294-B928-F4513A5D5954/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/B4F53095-A2D7-4D68-AF6D-C87023E8CC50/1/mnavdce_0480x0272_xx_x.cab


WARNING: [Bad archive header] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/GoPal Assistant/Library/B522CE8E-FD00-45D1-8320-85CA07663468/1/mnavdce_0480x0272_xx_x.cab


ALERT: [TR/Ransom.OC] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/5/1c1def45-29f22d28 <<< Is the Trojan horse TR/Ransom.OC [deleted]


ALERT: [TR/Ransom.OC] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/5/1c1def45-69a34dd0 <<< Is the Trojan horse TR/Ransom.OC [deleted]


ALERT: [Java/Agent.hzs.3] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Anwendungsdaten/Sun/Java/Deployment/cache/6.0/40/6f7c29e8-41ef736d <<< Contains signature of the Java virus JAVA/Agent.hzs.3 [deleted]


ALERT: [TR/Ransom.OC] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temp/0.7051443936850037.exe <<< Is the Trojan horse TR/Ransom.OC [deleted]


ALERT: [TR/Ransom.OC] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temp/0.9699368952818136.exe <<< Is the Trojan horse TR/Ransom.OC [deleted]


WARNING: [Bad compressed data] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temp/UpdatePack.exe


WARNING: [Error reading file] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temp/{9373981B-8AD7-4E75-89A9-6E1667CD5B7F}-chrome_installer.exe


ALERT: [EXP/CVE-2010-0840.D] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temp/jar_cache5598896628197432897.tmp --> bingo/nikon.class <<< Contains signature of the exploits EXP/CVE-2010-0840.D [archive scan abort]


ALERT: [JS/iFrame.GV] /media/Devices/sda1/Dokumente und Einstellungen/BENUTZERNAME/Lokale Einstellungen/Temporary Internet Files/Content.IE5/SN4Q4KS9/minijtools[1].js <<< Contains signature of the Java script virus JS/iFrame.GV [deleted]


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s4.cab --> IENT_4.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s1.cab --> IENT_1.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s2.cab --> IENT_2.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s3.cab --> IENT_3.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s5.cab --> IENT_5.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ient_s6.cab --> IENT_6.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s1.cab --> IE_1.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s2.cab --> IE_2.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s3.cab --> IE_3.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s4.cab --> IE_4.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s5.cab --> IE_5.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/MSWorks/Redist/IE6/ie_s6.cab --> IE_6.CAB


WARNING: [Unsupported archive version] /media/Devices/sda1/Programme/OFPS_PhotoPorst/uninst.exe


WARNING: [Unexpected end of file] /media/Devices/sda1/Programme/MAGIX/MAGIX-Fotobuch/uninstall.exe


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s4.cab --> IENT_4.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s1.cab --> IENT_1.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s2.cab --> IENT_2.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s3.cab --> IENT_3.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s5.cab --> IENT_5.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ient_s6.cab --> IENT_6.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s1.cab --> IE_1.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s2.cab --> IE_2.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s3.cab --> IE_3.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s4.cab --> IE_4.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s5.cab --> IE_5.CAB


WARNING: [The files in archive are multiple volume] /media/Devices/sda1/recover/MSWorks/Redist/IE6/ie_s6.cab --> IE_6.CAB


ALERT: [TR/Gendal.KD.340468] /media/Devices/sda1/System Volume Information/_restore{660788EE-317D-46D2-9CE8-CBE96ACFBE2D}/RP490/A0187429.exe <<< Is the Trojan horse TR/Gendal.KD.340468 [deleted]


ALERT: [TR/Ransom.DU.52] /media/Devices/sda1/System Volume Information/_restore{660788EE-317D-46D2-9CE8-CBE96ACFBE2D}/RP491/A0194449.exe <<< Is the Trojan horse TR/Ransom.DU.52 [deleted]


ALERT: [TR/Dldr.Bredolab.AJ.12] /media/Devices/sda1/WINDOWS/Temp/ldcfve/setup.exe <<< Is the Trojan horse TR/Dldr.Bredolab.AJ.12 [deleted]


ALERT: [TR/Dldr.Bredolab.AJ.12] /media/Devices/sda1/WINDOWS/Temp/svchost.exe <<< Is the Trojan horse TR/Dldr.Bredolab.AJ.12 [deleted]


ALERT: [TR/Gendal.kdv.360534] /media/Devices/sda1/WINDOWS/system32/0.9624240085117564.exe <<< Is the Trojan horse TR/Gendal.kdv.360534 [deleted]


Statistics :
Directories............... : 16069
Archives.................. : 13151
Files..................... : 743897
Infected.............. : 24
Deleted........... : 24
Warnings.............. : 45
Suspicious............ : 0
Infections................ : 24
         
After the scan I restarted the computer; the BKA window is still there.

Since I have not been able to do anything else so far, I downloaded OTLPENET.exe, burned the CD and ran the scan as described here:
http://www.trojaner-board.de/103409-...-srep-exe.html
Here are the log files:
OTL.txt
Code:
OTL logfile created on: 9/27/2011 8:45:13 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.79 Gb Total Space | 10.68 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive D: | 3.84 Gb Total Space | 0.44 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2010/08/02 10:14:12 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 10:14:04 | 000,403,624 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/08/02 10:14:03 | 000,339,624 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/08/02 10:14:02 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/01/27 11:33:58 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2010/08/02 10:14:21 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 10:14:21 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 09:30:13 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006/05/10 11:00:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/17 10:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/04 15:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/22 19:27:10 | 000,488,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/02/27 10:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2006/02/20 11:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006/01/20 07:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/09/30 05:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/18 11:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\BENUTZERNAME_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\BENUTZERNAME_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = syspci:8080
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7B5530BC-089A-4F32-AC84-6FDDCCEC668A}: C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\{7B5530BC-089A-4F32-AC84-6FDDCCEC668A} [2011/09/15 14:34:39 | 000,000,000 | ---D | M]
 
 
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\BENUTZERNAME_ON_C\..\Toolbar\WebBrowser: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - No CLSID value found.
O3 - HKU\BENUTZERNAME_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\BENUTZERNAME_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fbabuhogajimo] C:\WINDOWS\akeziqip.dll (Winbond Electronics Corp.)
O4 - HKLM..\Run: [Google Updater] C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PhilipsDM\SA1916] C:\Programme\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKU\Gast_ON_C..\Run: [AOLMIcon]  File not found
O4 - HKU\BENUTZERNAME_ON_C..\Run: [FreeYouTubeToMP3Converter] C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\t@x aktuell.lnk = C:\Programme\Buhl finance\tax Steuersoftware 2011\taxaktuell.exe ()
F3 - HKU\BENUTZERNAME_ON_C WinNT: Run - (C:\DOKUME~1\RALPHK~1\ANWEND~1\start.js) - C:\DOKUME~1\RALPHK~1\ANWEND~1\start.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gast_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\BENUTZERNAME_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\Bundes\bundes.exe) - C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\Bundes\bundes.exe (Bundes)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/06 02:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/26 06:32:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011/09/26 06:32:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011/09/26 06:32:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011/09/26 06:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011/09/26 06:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011/09/26 06:32:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ATI
[2011/09/26 06:32:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011/09/26 06:32:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2011/09/26 06:32:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011/09/26 06:32:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011/09/26 06:32:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011/09/26 06:32:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2011/09/26 06:32:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My MAGIX Online Druck Service (FS) Files
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\MAGIX Online Druck Service (FS)
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ATI
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2011/09/26 06:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011/09/23 16:30:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\Bundes
[2011/09/23 16:28:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Bundes
[2011/09/23 16:25:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Avira
[2011/09/23 16:23:47 | 000,833,024 | ---- | C] (Bundes) -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\4647888.exe
[2011/09/23 08:42:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011/09/23 08:41:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/09/23 08:41:50 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/23 08:41:49 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/23 08:41:49 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/09/23 08:41:49 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/09/23 08:41:48 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011/09/23 08:41:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011/09/15 14:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\{7B5530BC-089A-4F32-AC84-6FDDCCEC668A}
[2011/09/10 11:20:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011/09/10 11:19:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2011/09/10 06:37:18 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\NetworkService\Favoriten
[2011/09/09 15:04:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\LocalService\Favoriten
[2011/09/09 15:04:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011/09/08 16:49:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2011/09/08 14:20:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2011/09/08 14:20:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2011/09/03 06:17:13 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/26 08:41:05 | 000,001,230 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129971994-70950667-931495889-1007UA.job
[2011/09/26 08:32:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/26 06:49:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/26 06:49:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/26 06:46:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/26 06:45:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/26 06:45:42 | 2011,328,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 16:23:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\9345341.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\8136415.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\6035124.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\4866955.exe
[2011/09/23 16:23:50 | 000,833,024 | ---- | M] (Bundes) -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\4647888.exe
[2011/09/23 10:02:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/23 08:56:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lpuhukelikufevo.bin
[2011/09/23 08:42:25 | 000,001,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/09/23 08:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011/09/15 15:02:07 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\vu0v1ngvksmncbwa.dat
[2011/09/15 14:34:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vwofequwa.dat
[2011/09/10 06:54:38 | 000,038,654 | ---- | M] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\start.js
[2011/09/09 11:41:04 | 000,001,178 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129971994-70950667-931495889-1007Core.job
[2011/09/08 14:09:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/03 17:44:10 | 000,002,387 | ---- | M] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 17:44:09 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Desktop\Google Chrome.lnk
[2011/09/03 06:17:13 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/30 14:23:19 | 000,001,152 | ---- | M] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\wklnhst.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/26 06:45:42 | 2011,328,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/26 06:32:24 | 000,001,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/09/26 06:32:24 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk
[2011/09/26 06:32:24 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2011/09/26 06:32:17 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/09/26 06:32:15 | 000,001,605 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2011/09/26 06:32:15 | 000,000,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk
[2011/09/26 06:32:15 | 000,000,753 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk
[2011/09/26 06:32:15 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk
[2011/09/23 16:23:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\9345341.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\8136415.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\6035124.exe
[2011/09/23 16:23:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\4866955.exe
[2011/09/23 08:42:25 | 000,001,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/09/15 15:02:07 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\vu0v1ngvksmncbwa.dat
[2011/09/15 14:34:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vwofequwa.dat
[2011/09/15 14:34:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lpuhukelikufevo.bin
[2011/09/08 14:28:03 | 000,038,654 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\start.js
[2011/09/08 14:23:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/09 13:32:03 | 000,000,649 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\BeckLStTab.ini
[2011/02/09 13:32:03 | 000,000,050 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\newCOMer.ini
[2010/02/03 03:27:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\$_hpcst$.hpc
[2010/02/03 03:26:19 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/26 17:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 17:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 17:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/17 07:55:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2008/05/17 07:01:19 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008/02/03 12:30:53 | 000,000,739 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2007/11/18 14:58:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007/11/02 12:25:25 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\$_hpcst$.hpc
[2007/08/11 08:12:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/05/20 14:01:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/03/11 13:09:27 | 000,000,279 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2007/01/08 07:31:28 | 000,000,282 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini
[2006/12/20 09:56:59 | 000,000,244 | ---- | C] () -- C:\WINDOWS\kodakpcd.BENUTZERNAME.ini
[2006/10/27 11:02:14 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/10/27 11:02:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/10/27 11:02:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/10/27 11:00:36 | 000,000,803 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/10/27 11:00:36 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/10/27 11:00:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2006/10/27 10:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/10/27 10:57:59 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/10/23 11:47:29 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/10/15 09:23:54 | 000,001,152 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\wklnhst.dat
[2006/10/03 14:04:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/03 07:45:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/03 07:45:46 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/03 04:15:42 | 000,042,893 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2006/10/03 04:15:11 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\BENUTZERNAME\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/07/06 05:25:28 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/07/06 05:25:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/07/06 05:25:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/07/06 05:25:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/07/06 05:25:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/07/06 05:25:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/07/06 05:25:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/07/06 05:25:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/07/06 05:25:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/07/06 05:25:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/07/06 05:22:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006/07/06 05:22:26 | 000,489,680 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/07/06 05:22:26 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/07/06 05:22:26 | 000,096,866 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/07/06 05:22:26 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/07/06 05:22:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/06 05:22:11 | 000,446,152 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/06 05:22:11 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/06 05:22:11 | 000,073,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/06 05:22:11 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/06 05:22:11 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/06 05:22:10 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/06 05:22:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/06 05:22:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/06 05:22:06 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/06 05:22:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/06 05:21:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/06 03:41:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/06 03:27:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/06 03:23:27 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/07/06 03:21:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/06 03:21:09 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/07/06 03:20:39 | 000,225,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/06 03:20:33 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006/07/06 03:12:52 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/06 02:31:41 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/06 02:30:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/06 02:26:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/06 02:25:30 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/27 11:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005/01/21 07:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 04:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
 
========== LOP Check ==========
 
[2007/04/22 11:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\BDEDIT
[2007/04/22 10:30:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\BDHTHELP
[2008/02/03 12:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Buhl Data Service
[2011/08/16 14:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\DVDVideoSoft
[2011/08/16 14:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\DVDVideoSoftIEHelpers
[2007/11/02 12:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\GoPal Assistant
[2007/09/28 15:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\ICQ
[2007/06/28 12:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\ICQ Toolbar
[2007/06/28 12:21:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\ICQLite
[2010/02/22 12:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\MAGIX
[2006/11/04 07:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\MSNInstaller
[2011/09/15 14:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\PriceGong
[2011/05/09 14:35:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Quest3D
[2008/05/14 13:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\ScanSoft
[2007/03/11 13:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\tax
[2006/10/15 09:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Template
[2010/03/17 06:46:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Windows Desktop Search
[2010/03/19 13:12:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\BENUTZERNAME\Anwendungsdaten\Windows Search
[2009/01/01 06:16:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2008/05/17 07:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2006/10/27 10:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2006/10/14 02:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007/03/11 13:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tax
[2010/10/20 09:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
 
========== Purity Check ==========
 
 
< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 9/27/2011 8:45:13 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.79 Gb Total Space | 10.68 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive D: | 3.84 Gb Total Space | 0.44 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\OFPS_PhotoPorst\ofps.exe" = C:\Programme\OFPS_PhotoPorst\ofps.exe:*:Enabled:Online Foto Print System -- (CoreDevelopment)
"C:\Programme\PPLive\PPLive.exe" = C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive
"C:\Programme\Outlook Express\msimn.exe" = C:\Programme\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\WINDOWS\TEMP\aawgnq\setup.exe" = C:\WINDOWS\TEMP\aawgnq\setup.exe:*:Enabled:ldrsoft
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery Zweckform DesignPro 2000
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4C23837C-993E-11D4-9DE0-0060085C158A}" = KODAK Picture CD
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57B18739-7A22-44D7-A263-6E2A2180D3BC}" = Philips SA19XX Device Manager
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{6756C033-2983-42BC-B8EF-DEAD30871B52}" = Apple QuickTime-Installationsprogramm
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 MUI Pack
"{FD9D4CA5-8F97-44A0-B17E-C2C77C824FA4}" = funScreenScraping Client Version
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 D" = MAGIX Fotos auf CD & DVD 7 7.0.2.0 (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) 
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"Online Foto Print System (phporst)" = Online Foto Print System ( Online Foto Print System (Photo Porst) )
"Quest3Dvisulizer_inst_final" = visulizer_inst_final
"QuickTime" = QuickTime
"Sieben Zwerge - Das Brettspiel XS" = Sieben Zwerge - Das Brettspiel XS
"SMSERIAL" = Motorola SM56 Data Fax Modem
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\BENUTZERNAME_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
< End of report >
         
Unfortunately, at this point I have no idea what to do next. I hope you can help me.

Many thanks!

Regards,
Bismosa

 
