Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner unter winxp

GVU Trojaner unter winxp


Log-Analyse und Auswertung: GVU Trojaner unter winxp

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 18.05.2012, 12:26   #1
jens1234
 
GVU Trojaner unter winxp - Standard

GVU Trojaner unter winxp


Hallo wer kann mir helfen, habe mir nen GVU Trojaner eingefanden

hier die logfile


Code:
ATTFilter
OTL logfile created on: 5/18/2012 2:19:47 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWSS | %ProgramFiles% = C:\Programme
Drive C: | 186.30 Gb Total Space | 135.76 Gb Free Space | 72.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/10 00:18:44 | 000,482,992 | ---- | M] (Crawler.com) [Auto] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011/10/24 16:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/03 05:21:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/04/13 22:23:01 | 000,073,796 | ---- | M] (Smart Link) [Auto] -- C:\WINDOWSS\System32\slserv.exe -- (SLService)
SRV - [2005/08/10 02:48:02 | 000,110,592 | ---- | M] (NVIDIA) [Auto] -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (FXDRV)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/07/29 08:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWSS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 08:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWSS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/03 05:21:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWSS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/03 05:21:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWSS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/21 06:24:06 | 000,032,768 | ---- | M] () [Kernel | System] -- C:\WINDOWSS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/06/14 13:38:12 | 006,359,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/04/08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWSS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/04/08 20:30:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWSS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2010/03/04 12:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 12:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWSS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/29 10:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006/11/04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2005/08/10 02:49:50 | 000,006,656 | ---- | M] (NVidia Corp.) [Kernel | On_Demand] -- C:\WINDOWSS\nvoclock.sys -- (NVR0Dev)
DRV - [2005/01/07 11:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 17:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 17:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 17:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 17:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 17:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 17:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot] -- C:\WINDOWSS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 17:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWSS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Jens_Kaiser_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jens_Kaiser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWSS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWSS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWSS\system32\09032 [2012/04/21 10:49:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/08 15:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012/01/08 15:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/12/21 03:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/12/21 01:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 01:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/21 01:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 01:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 01:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 01:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWSS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWSS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWSS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWSS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe (Lomography is a global community whose strong passion is creative and experimental analogue film photography)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\Jens_Kaiser_ON_C..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe (Lomography is a global community whose strong passion is creative and experimental analogue film photography)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jens_Kaiser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jens_Kaiser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Jens_Kaiser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O7 - HKU\Jens_Kaiser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Jens_Kaiser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - ("C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe") - C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe (Lomography is a global community whose strong passion is creative and experimental analogue film photography)
O20 - HKU\Jens_Kaiser_ON_C Winlogon: Shell - ("C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe") - C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe (Lomography is a global community whose strong passion is creative and experimental analogue film photography)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/29 18:02:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWSS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWSS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWSS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWSS\system32\Rundll32.exe c:\WINDOWSS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWSS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWSS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWSS\system32\rundll32.exe" "C:\WINDOWSS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe - (Brother Industries, Ltd.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^****^Startmenü^Programme^Autostart^Spamihilator.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
MsConfig - StartUpReg: Osrik.exe - hkey= - key= - C:\PoW24\Osrik.exe (Power-of-World | Service Center Sonneberg | Volkach | hxxp://www.PoW24.de)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/17 14:28:03 | 000,000,000 | ---D | C] -- C:\7fd7242712c0ef686fab67b92cdca17a
[2012/05/17 07:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWSS\Minidump
[2012/05/17 05:19:59 | 000,155,918 | ---- | C] (Lomography is a global community whose strong passion is creative and experimental analogue film photography) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe
[2012/05/05 12:26:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent
[2012/05/04 01:23:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Searches
[2012/05/04 01:23:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Contacts
[2012/05/04 01:23:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\Macromedia
[2012/05/04 01:23:18 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\Microsoft
[2012/05/04 01:23:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten
[2012/05/04 01:23:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Cookies
[2012/05/04 01:23:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Desktop
[2012/05/04 01:23:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Druckumgebung
[2012/05/04 01:23:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Favoriten
[2012/05/04 01:23:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012/05/04 01:22:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Lokale Einstellungen
[2012/05/04 01:22:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Netzwerkumgebung
[2012/05/04 01:22:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Recent
[2012/05/04 01:22:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\SendTo
[2012/05/04 01:22:38 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Startmenü\Programme\Autostart
[2012/05/04 01:22:33 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Startmenü\Programme\Zubehör
[2012/05/04 01:22:33 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Startmenü
[2012/05/04 01:22:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\UpdatusUser\Vorlagen
[2012/05/04 01:22:11 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrshe.dll
[2012/05/04 01:22:11 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsfr.dll
[2012/05/04 01:22:11 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsit.dll
[2012/05/04 01:22:11 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrses.dll
[2012/05/04 01:22:11 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrspt.dll
[2012/05/04 01:22:11 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsnl.dll
[2012/05/04 01:22:11 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsja.dll
[2012/05/04 01:22:11 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsesm.dll
[2012/05/04 01:22:11 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsru.dll
[2012/05/04 01:22:11 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsptb.dll
[2012/05/04 01:22:11 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsko.dll
[2012/05/04 01:22:11 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrshu.dll
[2012/05/04 01:22:11 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrstr.dll
[2012/05/04 01:22:11 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrssl.dll
[2012/05/04 01:22:11 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrssk.dll
[2012/05/04 01:22:11 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrspl.dll
[2012/05/04 01:22:11 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsth.dll
[2012/05/04 01:22:11 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrssv.dll
[2012/05/04 01:22:11 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsno.dll
[2012/05/04 01:22:11 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsfi.dll
[2012/05/04 01:22:11 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrszhc.dll
[2012/05/04 01:22:11 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrszht.dll
[2012/05/04 01:22:10 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsar.dll
[2012/05/04 01:22:10 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsel.dll
[2012/05/04 01:22:10 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsde.dll
[2012/05/04 01:22:10 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrsda.dll
[2012/05/04 01:22:10 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrseng.dll
[2012/05/04 01:22:10 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvrscs.dll
[2012/05/04 01:22:10 | 000,143,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvcolor.exe
[2012/05/04 01:22:09 | 015,494,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvcpl.dll
[2012/05/04 01:22:09 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvmctray.dll
[2012/05/04 01:22:04 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvwddi.dll
[2012/05/04 01:20:02 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvdispco32.dll
[2012/05/04 01:20:02 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\nvgenco32.dll
[2012/05/03 17:19:51 | 000,755,200 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWSS\System32\cohelper.dll
[2012/05/03 16:02:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Easeware
[2012/05/03 16:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DriverEasy
[2012/05/03 16:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Easeware
[2012/05/02 17:32:36 | 000,000,000 | ---D | C] -- C:\PoW24
[2012/05/02 17:22:21 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012/05/02 16:57:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Verwaltung
[2012/05/02 16:48:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SIW
[2012/05/02 16:48:41 | 000,000,000 | ---D | C] -- C:\Programme\SIW
[2012/05/02 16:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWSS\pss
[2012/05/02 15:31:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2012/05/02 15:31:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/05/02 15:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012/05/02 15:31:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWSS\System32\drivers\mbam.sys
[2012/05/02 15:31:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012/04/29 13:23:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012/04/29 13:23:22 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012/04/21 10:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWSS\System32\UAs
[2012/04/21 10:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWSS\System32\09032
[2012/04/21 10:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWSS\System32\kock
[7 C:\WINDOWSS\System32\*.tmp files -> C:\WINDOWSS\System32\*.tmp -> ]
[6 C:\WINDOWSS\*.tmp files -> C:\WINDOWSS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/18 06:40:03 | 000,001,096 | ---- | M] () -- C:\WINDOWSS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 06:40:00 | 000,003,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\panda.dll
[2012/05/18 06:39:55 | 000,002,048 | --S- | M] () -- C:\WINDOWSS\bootstat.dat
[2012/05/17 15:48:46 | 000,000,566 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\SIW.lnk
[2012/05/17 15:06:00 | 000,001,100 | ---- | M] () -- C:\WINDOWSS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/17 15:05:01 | 000,001,234 | ---- | M] () -- C:\WINDOWSS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-842925246-725345543-1004UA.job
[2012/05/17 14:38:12 | 000,553,044 | ---- | M] () -- C:\WINDOWSS\System32\perfh007.dat
[2012/05/17 14:38:12 | 000,524,080 | ---- | M] () -- C:\WINDOWSS\System32\perfh009.dat
[2012/05/17 14:38:12 | 000,116,612 | ---- | M] () -- C:\WINDOWSS\System32\perfc007.dat
[2012/05/17 14:38:12 | 000,096,752 | ---- | M] () -- C:\WINDOWSS\System32\perfc009.dat
[2012/05/17 05:19:58 | 000,155,918 | ---- | M] (Lomography is a global community whose strong passion is creative and experimental analogue film photography) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\392477b.exe
[2012/05/16 22:05:00 | 000,001,182 | ---- | M] () -- C:\WINDOWSS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-842925246-725345543-1004Core.job
[2012/05/16 20:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWSS\tasks\AdobeAAMUpdater-1.0-JENS-1D21B0ED72-****.job
[2012/05/16 12:41:46 | 000,013,684 | ---- | M] () -- C:\WINDOWSS\System32\wpa.dbl
[2012/05/12 10:32:06 | 003,442,968 | ---- | M] () -- C:\WINDOWSS\System32\FNTCACHE.DAT
[2012/05/12 04:14:41 | 000,072,547 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Seat.JPG
[2012/05/12 04:02:26 | 000,001,374 | ---- | M] () -- C:\WINDOWSS\imsins.BAK
[2012/05/12 03:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012/05/11 12:25:11 | 000,000,822 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\repdoc Katalog.lnk
[2012/05/11 12:25:11 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\repdoc Katalog.lnk
[2012/05/04 01:21:10 | 000,293,992 | ---- | M] () -- C:\WINDOWSS\System32\nvdrsdb0.bin
[2012/05/04 01:21:10 | 000,000,001 | ---- | M] () -- C:\WINDOWSS\System32\nvdrssel.bin
[2012/05/04 01:21:06 | 000,293,992 | ---- | M] () -- C:\WINDOWSS\System32\nvdrsdb1.bin
[2012/05/03 17:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NVIDIA Corporation
[2012/05/03 16:16:57 | 000,000,625 | ---- | M] () -- C:\WINDOWSS\cdplayer.ini
[2012/05/03 16:16:26 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2012/05/03 16:02:15 | 000,000,402 | ---- | M] () -- C:\WINDOWSS\tasks\DriverEasy Scheduled Scan.job
[2012/05/03 16:02:12 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DriverEasy.lnk
[2012/05/03 16:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DriverEasy
[2012/05/02 17:43:28 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2012/05/02 17:39:20 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/05/02 17:32:49 | 000,002,073 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Osrik.exe.lnk
[2012/05/02 17:32:36 | 000,001,854 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Osrik.lnk
[2012/05/02 17:31:49 | 000,354,304 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\OsrikSetup1411.msi
[2012/05/02 17:22:22 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012/05/02 16:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SIW
[2012/05/02 15:31:37 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/02 15:31:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/05/02 15:23:48 | 000,000,016 | ---- | M] () -- C:\WINDOWSS\System32\blckdom.res
[2012/04/29 13:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012/04/27 01:40:40 | 000,000,018 | ---- | M] () -- C:\WINDOWSS\System32\urhtps.dat
[7 C:\WINDOWSS\System32\*.tmp files -> C:\WINDOWSS\System32\*.tmp -> ]
[6 C:\WINDOWSS\*.tmp files -> C:\WINDOWSS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/17 05:20:00 | 000,003,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\panda.dll
[2012/05/12 04:10:53 | 000,072,547 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Seat.JPG
[2012/05/12 03:54:57 | 000,001,374 | ---- | C] () -- C:\WINDOWSS\imsins.BAK
[2012/05/04 01:23:40 | 000,001,606 | ---- | C] () -- C:\Dokumente und Einstellungen\UpdatusUser\Startmenü\Programme\Remoteunterstützung.lnk
[2012/05/04 01:23:40 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\UpdatusUser\Startmenü\Programme\Windows Media Player.lnk
[2012/05/04 01:20:02 | 000,007,843 | ---- | C] () -- C:\WINDOWSS\System32\nvinfo.pb
[2012/05/03 17:19:51 | 000,010,084 | ---- | C] () -- C:\WINDOWSS\System32\drivers\nvphy.bin
[2012/05/03 16:02:15 | 000,000,402 | ---- | C] () -- C:\WINDOWSS\tasks\DriverEasy Scheduled Scan.job
[2012/05/03 16:02:12 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DriverEasy.lnk
[2012/05/02 17:32:36 | 000,002,073 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Osrik.exe.lnk
[2012/05/02 17:32:36 | 000,001,854 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Osrik.lnk
[2012/05/02 17:31:48 | 000,354,304 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\OsrikSetup1411.msi
[2012/05/02 17:22:22 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012/05/02 16:48:47 | 000,000,566 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\SIW.lnk
[2012/05/02 15:31:37 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/27 01:40:40 | 000,000,018 | ---- | C] () -- C:\WINDOWSS\System32\urhtps.dat
[2012/04/21 10:49:45 | 000,000,016 | ---- | C] () -- C:\WINDOWSS\System32\blckdom.res
[2012/02/15 21:09:33 | 000,003,072 | ---- | C] () -- C:\WINDOWSS\System32\iacenc.dll
[2012/02/12 08:46:27 | 000,032,768 | ---- | C] () -- C:\WINDOWSS\System32\drivers\sp_rsdrv2.sys
[2011/12/15 18:51:12 | 002,469,760 | ---- | C] () -- C:\WINDOWSS\System32\BootMan.exe
[2011/12/15 18:51:12 | 000,086,408 | ---- | C] () -- C:\WINDOWSS\System32\setupempdrv03.exe
[2011/12/15 18:51:12 | 000,019,840 | ---- | C] () -- C:\WINDOWSS\System32\EuEpmGdi.dll
[2011/12/15 18:51:12 | 000,013,192 | ---- | C] () -- C:\WINDOWSS\System32\epmntdrv.sys
[2011/12/15 18:51:12 | 000,008,456 | ---- | C] () -- C:\WINDOWSS\System32\EuGdiDrv.sys
[2011/12/09 16:57:51 | 000,103,509 | ---- | C] () -- C:\WINDOWSS\hpoins04.dat
[2011/12/09 16:57:51 | 000,017,176 | ---- | C] () -- C:\WINDOWSS\hpomdl04.dat
[2011/10/09 05:30:52 | 000,000,625 | ---- | C] () -- C:\WINDOWSS\cdplayer.ini
[2011/10/09 05:14:01 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2011/09/15 06:32:57 | 000,116,224 | ---- | C] () -- C:\WINDOWSS\System32\pdfcmnnt.dll
[2011/09/15 06:21:23 | 000,081,408 | ---- | C] () -- C:\WINDOWSS\cadkasdeinst01.exe
[2011/08/31 05:12:47 | 000,023,168 | -H-- | C] () -- C:\WINDOWSS\System32\mlfcache.dat
[2011/08/30 04:59:42 | 000,000,469 | ---- | C] () -- C:\WINDOWSS\BRWMARK.INI
[2011/08/30 04:59:42 | 000,000,030 | ---- | C] () -- C:\WINDOWSS\System32\brss01a.ini
[2011/08/30 04:59:42 | 000,000,027 | ---- | C] () -- C:\WINDOWSS\BRPP2KA.INI
[2011/08/30 04:59:06 | 000,000,211 | ---- | C] () -- C:\WINDOWSS\Brpfx04a.ini
[2011/08/30 04:59:06 | 000,000,092 | ---- | C] () -- C:\WINDOWSS\brpcfx.ini
[2011/08/30 04:59:06 | 000,000,050 | ---- | C] () -- C:\WINDOWSS\System32\bridf05a.dat
[2011/08/30 04:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWSS\brdfxspd.dat
[2011/08/30 04:58:00 | 000,106,496 | ---- | C] () -- C:\WINDOWSS\System32\BrMuSNMP.dll
[2011/08/30 04:56:38 | 000,027,114 | ---- | C] () -- C:\WINDOWSS\maxlink.ini
[2011/07/07 15:54:21 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 12:31:34 | 000,293,992 | ---- | C] () -- C:\WINDOWSS\System32\nvdrsdb1.bin
[2011/06/30 12:31:34 | 000,293,992 | ---- | C] () -- C:\WINDOWSS\System32\nvdrsdb0.bin
[2011/06/30 12:31:34 | 000,000,001 | ---- | C] () -- C:\WINDOWSS\System32\nvdrssel.bin
[2011/06/30 12:31:07 | 002,784,050 | ---- | C] () -- C:\WINDOWSS\System32\nvdata.data
[2011/06/30 12:08:26 | 000,049,152 | ---- | C] () -- C:\WINDOWSS\System32\ChCfg.exe
[2011/06/29 21:20:10 | 000,000,169 | ---- | C] () -- C:\WINDOWSS\RtlRack.ini
[2011/06/29 18:52:57 | 000,004,205 | ---- | C] () -- C:\WINDOWSS\ODBCINST.INI
[2011/06/29 18:50:27 | 003,442,968 | ---- | C] () -- C:\WINDOWSS\System32\FNTCACHE.DAT
[2011/06/29 18:26:16 | 000,000,403 | ---- | C] () -- C:\WINDOWSS\ODBC.INI
[2011/06/29 18:04:46 | 000,002,048 | --S- | C] () -- C:\WINDOWSS\bootstat.dat
[2011/06/29 18:00:07 | 000,021,740 | ---- | C] () -- C:\WINDOWSS\System32\emptyregdb.dat
[2010/03/15 17:52:00 | 002,183,470 | ---- | C] () -- C:\WINDOWSS\System32\nvdata.bin
[2005/08/16 10:43:00 | 000,573,440 | ---- | C] () -- C:\WINDOWSS\System32\nvhwvid.dll
[2005/08/16 10:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWSS\System32\nvnt4cpl.dll
[2005/06/21 19:29:34 | 000,217,088 | ---- | C] () -- C:\WINDOWSS\NVGfxOgl.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWSS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWSS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,553,044 | ---- | C] () -- C:\WINDOWSS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,524,080 | ---- | C] () -- C:\WINDOWSS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWSS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWSS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWSS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,116,612 | ---- | C] () -- C:\WINDOWSS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,096,752 | ---- | C] () -- C:\WINDOWSS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWSS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWSS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWSS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWSS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWSS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWSS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWSS\System32\noise.dat
[2002/03/04 04:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWSS\System32\Jpeg32.dll
 
========== LOP Check ==========
 
[2011/06/30 11:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Bullzip
[2011/09/15 06:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\CAD-KAS
[2011/12/06 18:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/06 15:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/10 18:09:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoft
[2011/07/06 15:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/05/03 16:02:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Easeware
[2012/04/29 18:14:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQ
[2011/08/30 05:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PDF Writer
[2011/09/15 06:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\pdfforge
[2011/12/09 17:07:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ScanSoft
[2012/01/17 07:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spamihilator
[2012/02/12 08:46:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator
[2012/01/06 06:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverBoost
[2011/10/09 05:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2011/06/29 21:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011/08/30 05:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2011/12/06 18:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011/08/03 12:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012/05/16 12:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2011/06/30 11:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/03 16:02:15 | 000,000,402 | ---- | M] () -- C:\WINDOWSS\Tasks\DriverEasy Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/07/02 21:04:15 | 000,000,000 | ---D | M] -- C:\22d32d1c85e6926a65fbf0
[2012/05/17 14:28:06 | 000,000,000 | ---D | M] -- C:\7fd7242712c0ef686fab67b92cdca17a
[2011/12/08 15:05:00 | 000,000,000 | ---D | M] -- C:\beb993703699b7815dcb8d8f38dcf5
[2011/08/30 04:58:03 | 000,000,000 | ---D | M] -- C:\Brother
[2012/05/17 14:28:35 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011/07/03 19:37:06 | 000,000,000 | ---D | M] -- C:\Data
[2012/05/04 01:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011/12/08 15:05:00 | 000,000,000 | ---D | M] -- C:\e
[2011/07/03 17:17:16 | 000,000,000 | ---D | M] -- C:\Live!Cam
[2012/05/04 01:21:11 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/05/02 17:32:49 | 000,000,000 | ---D | M] -- C:\PoW24
[2012/05/11 12:24:58 | 000,000,000 | R--D | M] -- C:\Programme
[2012/05/17 15:49:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/05/17 14:46:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/08 15:05:01 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2012/05/17 15:46:09 | 000,000,000 | ---D | M] -- C:\WINDOWSS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWSS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/07/03 04:25:38 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWSS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/07/03 04:25:38 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWSS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWSS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWSS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWSS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/07/03 04:25:38 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWSS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/07/03 04:25:38 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWSS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWSS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWSS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWSS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWSS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWSS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWSS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWSS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWSS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWSS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWSS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWSS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWSS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWSS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWSS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2005/07/26 18:44:46 | 000,098,176 | R--- | M] (NVIDIA Corporation) MD5=303009434D4B31E0E821C624101F8B84 -- C:\WINDOWSS\system32\drivers\nvatabus.sys
 
< MD5 for: NVGTS.SYS  >
[2010/04/08 20:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=52DCE3B30C9D61C8E20FE3C6DA4BDFB7 -- C:\NVIDIA\nForceWinXPInt\15.56\IDE\WinXP\sata_ide\nvgts.sys
[2010/04/08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\NVIDIA\nForceWinXPInt\15.56\IDE\WinXP\sataraid\nvgts.sys
[2010/04/08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\WINDOWSS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWSS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWSS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWSS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWSS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWSS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWSS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWSS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWSS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWSS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 09:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWSS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWSS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWSS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWSS\system32\dllcache\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWSS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011/06/29 19:40:01 | 000,094,208 | ---- | M] () -- C:\WINDOWSS\System32\config\default.sav
[2011/06/29 19:40:01 | 000,638,976 | ---- | M] () -- C:\WINDOWSS\System32\config\software.sav
[2011/06/29 19:40:01 | 000,466,944 | ---- | M] () -- C:\WINDOWSS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\dnsapi.dll
[2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\ieframe.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWSS\system32\shell32.dll
[7 C:\WINDOWSS\system32\*.tmp files -> C:\WINDOWSS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
kann mir niemand helfen

mfg jens
Geändert von jens1234 (18.05.2012 um 12:40 Uhr)

 

Themen zu GVU Trojaner unter winxp
.dll, administrator, antivir, avira, bho, bonjour, desktop, disabletaskmgr, einstellungen, error, explorer, firefox, format, google earth, hdaudio.sys, logfile, nvidia update, plug-in, realtek, registry, rundll, scan, server, software, spyware, strong, trojan, trojaner, version=1.0, windows, windows xp, winlogon.exe


« TR/Crypt.ZPACK.Gen8 leere Ordner trotz Beseitigung | Windows Verschluesselung Trojaner »


Ähnliche Themen: GVU Trojaner unter winxp


  1. WinXP SP3 Malware - Virenscanner usw. lassen sich nicht installieren! Dualbootsystem WinXP/Win7
    Log-Analyse und Auswertung - 13.12.2013 (15)
  2. 3 Trojaner auf einmal unter WinXP
    Plagegeister aller Art und deren Bekämpfung - 03.11.2013 (13)
  3. BKA Trojaner blockiert abgesicherten Modus unter WinXP
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (9)
  4. WinXP: BKA-Trojaner füllt Bildschirm voll aus, davor sah ich einen Film an. Trojaner: Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (15)
  5. Trojaner Weelsof.C.187 und Agent.53248.4 unter WinXP
    Log-Analyse und Auswertung - 23.11.2012 (10)
  6. Alte WinXP Partition unter Win7 löschen
    Alles rund um Windows - 25.10.2012 (3)
  7. BKA-Trojaner 1.13 auf winxp
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (19)
  8. WinXP GVU Trojaner 2.07
    Log-Analyse und Auswertung - 17.07.2012 (9)
  9. Unbekannter Virus unter WinXP
    Plagegeister aller Art und deren Bekämpfung - 20.11.2009 (4)
  10. TVTOOL unter WinXP = jetzt dickes Problem!!
    Alles rund um Windows - 09.10.2008 (2)
  11. Frage zur "Ausführen als.." Funktion unter WinXP
    Alles rund um Windows - 07.11.2007 (2)
  12. Wechsellaufwerke unter WinXp verschwunden!
    Alles rund um Windows - 17.04.2006 (6)
  13. Bitte um Hilfe: Trojaner Dropper-Befall unter WinXP
    Plagegeister aller Art und deren Bekämpfung - 14.03.2006 (7)
  14. Benutzerkonten unter WinXP: Fragen und Sicherheitsaspekte
    Alles rund um Windows - 31.01.2005 (19)
  15. TR/StartPage.QC.1 und TR/Dldr.Small.OR unter WinXP
    Log-Analyse und Auswertung - 26.10.2004 (14)
  16. DVD-LW und DVD-Brenner Probleme unter WinXP
    Netzwerk und Hardware - 05.10.2004 (1)
  17. NetMeeting unter WinXP installieren
    Alles rund um Windows - 21.12.2003 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner unter winxp - Hallo wer kann mir helfen, habe mir nen GVU Trojaner eingefanden hier die logfile Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 5/18/2012 2:19:47 PM - Run OTLPE by - GVU Trojaner unter winxp...
Archiv
Du betrachtest: GVU Trojaner unter winxp auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131