Encryption trojan under Windows XP

Good evening, just like Hiltrud, I have caught this trojan on my laptop. I have already carried out the steps explained in the following thread. Unfortunately, my laptop also only opened the file "OTL.Txt" after I clicked "Run Scan". But I will add it as an attachment.

Code:
ATTFilter OTL logfile created on: 5/28/2012 5:15:01 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 446.00 Mb Total Physical Memory | 259.00 Mb Available Physical Memory | 58.00% Memory free 366.00 Mb Paging File | 280.00 Mb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35.70 Gb Total Space | 19.63 Gb Free Space | 54.99% Space Free | Partition Type: FAT32 Drive D: | 35.87 Gb Total Space | 35.73 Gb Free Space | 99.60% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (NPFMntor) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/01/15 00:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/12/15 07:45:38 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009/10/30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009/10/30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2007/08/08 19:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007/05/08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto] -- C:\Programme\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2005/11/15 13:02:04 | 000,061,440 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2009/10/25 14:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009/10/25 14:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008/04/13 06:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 06:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006/01/31 08:41:32 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV86.sys -- (SSHDRV86) DRV - [2005/11/24 12:36:42 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2005/04/21 13:33:12 | 000,112,384 | ---- | M] (NETGEAR Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP) DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1) DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110810&babsrc=HP_ss&mntrId=320d180e000000000000000fb5d0df74 IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Hans-Peter_ON_C\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) 
IE - HKU\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "NCH DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/19 08:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/02/23 07:03:04 | 000,000,000 | ---D | M] [2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions [2008/07/19 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com [2010/02/23 07:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions [2012/05/22 04:57:54 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/05/02 05:29:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012/03/20 08:20:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\mozilla\Firefox\Profiles\hvay6vxb.default\extensions\ffxtlbr@babylon.com [2012/03/06 17:29:04 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\hvay6vxb.default\searchplugins\conduit.xml [2012/03/19 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/03/19 08:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012/03/19 08:05:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANS-PETER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HVAY6VXB.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/03/12 16:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012/03/12 17:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/12 17:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/03/12 17:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/03/12 17:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/12 17:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/12 
17:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2012/03/20 08:17:48 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\Hans-Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. 
O3 - HKU\Hans-Peter_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [KMConfig] File not found O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe () O4 - HKU\Hans-Peter_ON_C..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\Hans-Peter_ON_C..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (T-Online International AG, Marmiko IT-Solutions GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\Conceptronic Multimedia\CTVDIGUSB2 Device Utilities\RTLRCtl.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe () O24 - Desktop Components:0 () - hxxp://www.actionbikes.de/actionbikes/images1/Bashan%20200%20seite1.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun 
File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001 [2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc [2012/05/22 05:45:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/28 03:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/28 03:28:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job [2012/05/28 03:28:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/28 03:28:04 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys [2012/05/27 05:57:12 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/27 05:50:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/05/22 05:46:04 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe [2012/05/21 05:17:36 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/15 07:32:22 | 000,461,330 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/05/15 07:32:22 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/15 07:32:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/05/15 
07:32:22 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/15 07:29:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/05/11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/05/11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/05/11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/05/09 08:00:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job [2012/05/09 07:18:32 | 000,070,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/05/22 06:14:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/05/22 05:46:02 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\BE4C77A5320D180E0B3C.exe [2012/05/09 07:18:28 | 000,070,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Desktop\Mietvertrag.pdf [2012/02/15 06:02:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/11/15 06:37:01 | 000,294,974 | R--- | C] () -- C:\WINDOWS\System32\RTL283XACCESS.dll [2010/11/15 06:36:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010/01/09 06:26:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010/01/09 06:26:35 | 000,031,053 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern131.dat [2010/01/09 06:26:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010/01/09 06:26:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010/01/09 06:26:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010/01/09 06:26:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010/01/09 06:26:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010/01/09 06:26:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/01/09 06:26:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/01/09 06:26:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/01/09 06:26:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/01/09 06:26:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010/01/09 06:26:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010/01/09 06:26:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/01/09 06:26:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010/01/09 06:26:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010/01/09 06:26:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010/01/09 06:25:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CSES20.ini [2009/04/14 07:45:09 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2009/04/14 07:41:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\blib.dll [2009/04/13 07:38:17 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\Hlduinst.exe [2009/04/13 07:38:17 | 000,006,855 | ---- | 
C] () -- C:\WINDOWS\System32\UNWISE.INI [2009/04/13 07:38:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2009/04/13 07:29:04 | 000,594,018 | ---- | C] () -- C:\WINDOWS\ETKEU.EXE [2009/04/13 07:20:35 | 000,000,107 | ---- | C] () -- C:\WINDOWS\ETKVE.INI [2009/01/09 01:44:09 | 000,001,055 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI [2008/09/01 02:02:14 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2008/08/09 05:29:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/03/08 02:28:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2008/03/08 02:00:06 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007/12/15 07:00:36 | 000,000,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ViewerApp.dat [2007/12/15 05:44:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007/09/19 20:19:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007/05/29 06:52:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2007/02/27 01:52:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2006/12/28 04:27:39 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/12/09 07:04:43 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini [2006/12/09 07:04:35 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll [2006/12/09 07:04:35 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll [2006/12/09 07:04:35 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll [2006/10/19 22:57:01 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat [2006/10/19 22:45:14 | 000,070,408 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp [2006/10/19 22:45:14 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp [2006/07/08 00:28:22 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Peter\Lokale 
Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/07 06:49:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\EnumDevLib.dll
[2006/02/24 03:40:01 | 000,001,278 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/02/01 08:55:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/31 08:41:31 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV86.sys
[2006/01/11 18:55:15 | 000,000,196 | ---- | C] () -- C:\WINDOWS\LWRegWiz.ini
[2005/12/21 20:05:13 | 000,000,884 | ---- | C] () -- C:\WINDOWS\wo4_m.ini
[2005/12/21 19:35:50 | 000,002,584 | ---- | C] () -- C:\WINDOWS\WO4_R.INI
[2005/12/21 19:35:38 | 000,004,433 | ---- | C] () -- C:\WINDOWS\WO4.INI
[2005/12/16 13:51:41 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/16 06:32:45 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 10:30:25 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/08 10:51:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/08 10:31:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/08 10:28:01 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/08 10:28:00 | 000,000,321 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/08 10:28:00 | 000,000,235 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 23:55:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 23:54:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 23:46:28 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 23:46:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/03/07 23:46:15 | 000,201,556 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 23:41:16 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/07 23:36:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/03/07 23:36:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/03/07 23:36:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/03/07 23:34:44 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 23:34:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/07 23:33:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/07 23:28:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/07 23:27:45 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/07 23:23:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 23:22:44 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,461,330 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980/01/01 00:00:00 | 000,443,222 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980/01/01 00:00:00 | 000,072,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI

========== LOP Check ==========

[2009/06/03 05:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009/12/15 08:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2006/01/23 17:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-DSL SpeedManager
[2006/12/09 07:05:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\T-Online
[2007/05/05 04:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Zylom
[2007/06/20 06:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Opera
[2007/09/19 20:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Atari
[2007/12/11 05:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BayWatcher Pro
[2007/12/11 06:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ashampoo
[2008/03/08 02:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ulead Systems
[2008/03/24 07:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\BOM
[2008/03/30 03:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\ICQ Toolbar
[2008/04/11 23:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Babylon
[2008/07/19 21:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TomTom
[2008/12/07 03:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Friday's games
[2009/03/08 04:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Kingston
[2009/04/08 06:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Ascentive
[2009/07/21 07:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\MSNInstaller
[2009/12/15 07:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\TuneUp Software
[2012/05/22 05:46:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
[2006/01/23 18:00:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2007/02/27 21:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007/05/05 04:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2007/05/30 07:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2007/12/11 05:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ebay
[2007/12/11 05:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008/03/08 01:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008/04/11 23:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2008/07/19 21:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008/12/07 03:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/04/08 06:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009/12/15 07:44:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/12/15 07:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/01/09 06:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010/01/09 06:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012/03/20 08:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012/05/28 03:28:48 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job

========== Purity Check ==========

< End of report >

Many thanks in advance.

Best regards,
Benjamin S.