Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verschlüsselungstrojaner unter XP

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.06.2012, 20:42   #1
kaemmievisio
 
Verschlüsselungstrojaner unter XP - Standard

Verschlüsselungstrojaner unter XP



Unter XP habe ich mir einen Verschlüsselungstrojaner eingefangen. Der Rechner läßt sich nicht im abgesicherten Modus booten, so dass ich keinerlei Scan machen kann. Ist der Rechner aus, schaltet er sich nach einer gewissen Zeit von selbst an.

Mittels OTL von Oldtimer habe ich die Dateien Extras und OLT erstellt:

OTL logfile created on: 6/3/2012 9:50:05 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

958.00 Mb Total Physical Memory | 739.00 Mb Available Physical Memory | 77.00% Memory free
858.00 Mb Paging File | 770.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 223.12 Gb Total Space | 190.73 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 3.93 Gb Free Space | 40.30% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/16 11:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Programme\Microsoft\BingBar\7.1.382.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/04/16 11:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Programme\Microsoft\BingBar\7.1.382.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/20 14:56:15 | 001,404,008 | ---- | M] () [Auto] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2010/12/13 08:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/05/05 11:15:14 | 000,118,880 | ---- | M] () [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/05/05 11:15:12 | 000,266,338 | ---- | M] () [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/05/05 11:14:10 | 001,073,152 | ---- | M] (Cyberlink) [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/04/24 08:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/07/06 06:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand] -- C:\WINDOWS\System32\lxcecoms.exe -- (lxce_device)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/11/26 18:00:00 | 000,421,935 | ---- | M] (Living Byte Software GmbH, München) [Auto] -- C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE -- (RVSINST)
SRV - [2002/11/26 18:00:00 | 000,151,595 | ---- | M] () [Auto] -- C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE -- (RvsCC)
SRV - [2002/11/26 18:00:00 | 000,131,121 | ---- | M] (Living Byte Software GmbH, München) [On_Demand] -- C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE -- (RvscomSv)
SRV - [2002/11/22 15:49:22 | 000,077,824 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/13 08:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 01:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/07/22 12:53:36 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2006/04/28 10:34:24 | 000,882,688 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/04/21 05:16:44 | 003,964,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/02/26 23:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 11:08:00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/04/17 10:14:04 | 000,960,436 | ---- | M] (DeTeWe Berlin) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20)
DRV - [2003/04/17 06:19:02 | 000,120,732 | R--- | M] (DeTeWe Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB)
DRV - [2003/03/19 07:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP)
DRV - [2002/12/20 05:04:00 | 000,198,118 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dtwmnic5.sys -- (dtwmnic5)
DRV - [2002/11/26 18:00:00 | 000,039,936 | ---- | M] (Living Byte Software GmbH, München) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\rvsport.sys -- (rvsport)
DRV - [2002/11/22 15:49:22 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/11/22 15:49:22 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/11/22 15:49:22 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/11/22 15:49:22 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/start_ie
IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 52 13 28 89 3D CD 01 [binary data]
IE - HKU\heinz_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012/04/24 11:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010/09/25 14:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\mozilla\Extensions
[2010/09/25 14:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HEINZ\ANWENDUNGSDATEN\THUNDERBIRD\PROFILES\O981WEMF.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\heinz_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\heinz_ON_C\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Programme\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxcemon.exe] C:\Programme\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\heinz_ON_C..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\heinz_ON_C..\Run: [ECF59C89] C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPIControl.lnk = C:\Programme\Telekom\Eumex 504PC SE\Capictrl.exe (DeTeWe AG & Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\MS\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147879372515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147880351031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe) - C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/17 07:13:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4bdf3584-603e-11df-8f07-003042fffd01}\Shell - "" = AutoRun
O33 - MountPoints2\{4bdf3584-603e-11df-8f07-003042fffd01}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4bdf3584-603e-11df-8f07-003042fffd01}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 06:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\Lddddddddd
[2012/05/29 06:47:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 14:33:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 14:33:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 14:15:19 | 000,457,828 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/06/03 14:15:19 | 000,439,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/03 14:15:19 | 000,084,526 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/06/03 14:15:19 | 000,071,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/03 14:11:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 14:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 14:10:52 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/29 06:50:41 | 000,000,562 | ---- | M] () -- C:\hpfr5550.xml
[2012/05/29 06:47:25 | 000,053,248 | -H-- | M] () -- C:\WINDOWS\System32\4E49EB7CECF59C8934BF.exe
[2012/05/24 09:37:04 | 000,001,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012/05/23 04:41:31 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\heinz\Desktop\Microsoft Word.lnk
[2012/05/13 12:22:17 | 000,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 04:43:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 04:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/06/03 12:52:43 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/29 06:47:25 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\4E49EB7CECF59C8934BF.exe
[2012/02/19 10:34:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/20 14:56:14 | 001,404,008 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe
[2011/03/20 14:56:13 | 003,406,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDE-DLLUpdate1.exe
[2009/07/17 12:49:35 | 000,000,301 | ---- | C] () -- C:\Dokumente und Einstellungen\heinz\default.pls
[2008/07/11 12:18:10 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\heinz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/18 08:05:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/04 11:56:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/12/04 11:56:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/12/04 11:56:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXPMONRC.DLL
[2006/08/23 09:14:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\wklnhst.dat
[2006/08/22 12:24:30 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\heinz\mxfilerelatedcache.mxc2
[2006/08/21 13:50:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/07/29 09:57:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\HNetCtrl.INI
[2006/07/22 13:13:58 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2006/07/22 13:13:53 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2006/07/22 13:13:53 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2006/07/22 13:13:53 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006/07/22 12:52:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/07/22 12:50:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\Capictrl.INI
[2006/07/22 12:32:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2006/07/22 12:28:35 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\heinz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/06/22 05:37:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/20 08:49:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 08:38:43 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006/06/20 08:38:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/20 08:28:05 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/06/20 08:11:49 | 000,000,207 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2006/06/20 08:02:56 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/20 08:02:56 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\12EB3F0295.sys
[2006/05/18 11:54:11 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/05/18 11:54:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/05/18 10:04:10 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/18 07:37:19 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/05/18 07:37:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/05/17 10:35:46 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/17 09:48:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/17 09:47:56 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/17 08:07:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/17 08:06:25 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/17 07:37:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/17 07:24:17 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/17 07:15:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/17 07:11:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/17 06:58:33 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/17 06:58:24 | 000,457,828 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/05/17 06:58:24 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/05/17 06:58:24 | 000,084,526 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/05/17 06:58:24 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/05/17 06:58:15 | 000,439,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/17 06:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/17 06:58:15 | 000,071,104 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/17 06:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/17 06:58:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/17 06:58:14 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/17 06:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/17 06:58:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/17 06:58:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/17 06:58:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/17 06:58:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/17 06:58:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/07/31 20:09:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxceinsr.dll
[2005/07/31 20:09:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcecur.dll
[2005/07/31 20:09:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxcejswr.dll
[2005/07/14 04:15:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll
[2004/09/28 17:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 15:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/11/22 15:33:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/22 15:33:06 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat

========== LOP Check ==========

[2006/06/20 08:35:23 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\BullGuard
[2006/07/22 12:32:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\X10 Commander
[2011/12/29 09:50:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\1&1 Mail & Media GmbH
[2006/09/21 14:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\Bookmarks
[2012/05/29 06:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\Lddddddddd
[2006/08/22 12:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\MAGIX
[2006/07/22 12:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\Ordner HP Share-to-Web
[2006/07/29 09:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\RVS
[2006/07/22 13:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\T-Online
[2010/09/25 14:29:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\Thunderbird
[2009/02/25 06:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\heinz\Anwendungsdaten\WEBDE
[2006/06/20 08:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2010/10/14 04:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2006/06/20 08:11:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2011/03/20 14:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2006/07/22 13:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2006/07/29 09:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teledat
[2011/12/29 09:51:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2006/05/18 10:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010/12/11 10:58:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ADB71EBD-4C57-4903-90E9-7E54A3106B7C}

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 6/3/2012 9:50:05 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

958.00 Mb Total Physical Memory | 739.00 Mb Available Physical Memory | 77.00% Memory free
858.00 Mb Paging File | 770.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 223.12 Gb Total Space | 190.73 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 3.93 Gb Free Space | 40.30% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 2.0 - Photosmart Printer Series
"{0DC7F1CB-B3EB-48CF-8136-3BF8635F8566}" = Internet Explorer 8 WEB.DE Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FD5B04-CE35-4F5B-A2F3-6D9FD644EB70}" = WISO Mein Geld 2006 Professional
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AC34E29-82A8-42E4-916C-29F594B9DD03}" = Eumex 504PC SE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78355B12-1597-4858-910C-F044AB9CBB0A}" = Teledat RVS-COM
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C06BEA8D-E886-49FF-B772-A9C550741031}" = Nero 7 Essentials
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued)
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Sued Foto Manager D" = ALDI Sued Foto Manager (D)
"ALDI Sued Foto Service D" = ALDI Sued Foto Service (D)
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"Google Chrome" = Google Chrome
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (nur entfernen)
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Internet Explorer 8 WEB.DE Edition" = Internet Explorer 8 WEB.DE Edition
"LetsTrade" = LetsTrade Komponenten
"Lexmark 4300 Series" = Lexmark 4300 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"LHTTSGED" = L&H TTS3000 Deutsch
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"T-Online Copas" = T-Online Copas
"T-Online Fotoservice" = T-Online Fotoservice
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)

< End of report >

Ich weiss jetzt nur nicht, wie ich weiter verfahren muß, um den Trojaner los zu werden und meine Daten zu retten.

Liebe Grüße
Stefan

Alt 04.06.2012, 16:23   #2
markusg
/// Malware-holic
 
Verschlüsselungstrojaner unter XP - Standard

Verschlüsselungstrojaner unter XP



auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - HKU\heinz_ON_C..\Run: [ECF59C89] C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe) - C:\WINDOWS\system32\4E49EB7CECF59C8934BF.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
__________________

__________________

Alt 05.06.2012, 17:05   #3
kaemmievisio
 
Verschlüsselungstrojaner unter XP - Standard

Verschlüsselungstrojaner unter XP



Ich wollte wie beschrieben vorgehen. Nachdem ich den Fix geladen habe, hat OTLP nicht mehr reagiert.

Von einem Arbeitskollegen hatte ich noch die Kaspersky Rescur Disk 10 bekommen. Mit dieser konnte ich dann aber auch den Trojaner entfernen.

Es war aber genau die gleiche EXE die entfernt worden ist.

Tausend Dank.
__________________

Alt 06.06.2012, 17:10   #4
markusg
/// Malware-holic
 
Verschlüsselungstrojaner unter XP - Standard

Verschlüsselungstrojaner unter XP



script trotzdem ausführen
gibts noch verschlüsselte daten?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Verschlüsselungstrojaner unter XP
askbar, avira, bho, bingbar, booten, desktop, disabletaskmgr, einstellungen, entfernen, error, firefox, flash player, format, geld, helper, home, homepage, installation, langs, logfile, plug-in, realtek, registry, rundll, scan, security, software, udp, version=1.0, windows, windows internet, windows xp




Ähnliche Themen: Verschlüsselungstrojaner unter XP


  1. l+f: Verschlüsselungstrojaner leidet unter Gedächtnisschwund
    Nachrichten - 09.11.2015 (0)
  2. Begrenzte Internetverbindung unter Windows 10; keinerlei Probleme unter Ubuntu
    Netzwerk und Hardware - 05.09.2015 (13)
  3. Sicherung unter Win7 32 Bit-unter 7 64 Bit einspielen?
    Alles rund um Windows - 17.11.2013 (10)
  4. Verschlüsselungstrojaner unter Windows Vista blockiert Bildschirm
    Log-Analyse und Auswertung - 27.07.2012 (18)
  5. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.07.2012 (1)
  6. Windows Update Verschlüsselungstrojaner unter XP
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (10)
  7. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (24)
  8. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  9. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  10. Erwischt: Windows Verschlüsselungstrojaner unter Windows XP via E-Mail
    Log-Analyse und Auswertung - 17.06.2012 (11)
  11. Verschlüsselungstrojaner!
    Log-Analyse und Auswertung - 16.06.2012 (3)
  12. Verschlüsselungstrojaner (neue Version?) unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  13. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (5)
  14. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  15. Verschlüsselungstrojaner unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (24)
  16. Verschlüsselungstrojaner unter Windows XP
    Log-Analyse und Auswertung - 16.05.2012 (5)
  17. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.04.2012 (1)

Zum Thema Verschlüsselungstrojaner unter XP - Unter XP habe ich mir einen Verschlüsselungstrojaner eingefangen. Der Rechner läßt sich nicht im abgesicherten Modus booten, so dass ich keinerlei Scan machen kann. Ist der Rechner aus, schaltet er - Verschlüsselungstrojaner unter XP...
Archiv
Du betrachtest: Verschlüsselungstrojaner unter XP auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.