| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU auf Windows XP / abgesicherter Modus startet nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.01.2013, 16:37
| #1 |
 |  GVU auf Windows XP / abgesicherter Modus startet nicht Hallo ich habe hier ein System mit GVU Trojaner bei dem der abgesicherte Modus nicht startet. Ich habe mit OTLPE gescannt OTL.TXT Code:
ATTFilter OTL logfile created on: 1/5/2013 4:31:50 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767.00 Mb Total Physical Memory | 538.00 Mb Available Physical Memory | 70.00% Memory free
707.00 Mb Paging File | 579.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1150 1150 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 52.99 Gb Total Space | 17.88 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (LEC TranslateDotNet Server) -- File not found
SRV - (iPod Service) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (nsysaudm) -- C:\WINDOWS\system32\drivers\nsysaudm.sys ()
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudio.sys (VIA Technologies, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Dieter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dieter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\Helga_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Helga_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Helga_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\Jörg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de/
IE - HKU\Jörg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svñhîst] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
O4 - HKU\.DEFAULT..\Run: [Symantec Network Driver Update Warning] File not found
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Dieter_ON_C..\Run: [360Amigo] C:\Program files\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\Dieter_ON_C..\Run: [flatster Recorder] C:\Programme\flatster Recorder\flatster Recorder.exe (Euro-Driver Peter Busch)
O4 - HKU\Dieter_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKU\Helga_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKU\Helga_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Helga_ON_C..\Run: [swg] File not found
O4 - HKU\Jörg_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKU\Jörg_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Jörg_ON_C..\Run: [swg] File not found
O4 - HKU\Helga_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Desktop Application Director 9.LNK = C:\Programme\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dieter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Helga_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jörg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348241715375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/30 02:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/03 09:52:42 | 000,047,616 | RHS- | C] (Auslogics) -- C:\Dokumente und Einstellungen\Dieter\1409921.exe
[2012/12/15 12:54:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012/12/10 19:33:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\.jivex
[2012/12/10 18:38:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\tmpjex1
[2003/04/30 02:50:26 | 001,805,696 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/04/30 02:50:26 | 000,413,528 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/04/30 02:50:26 | 000,161,984 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/04/30 02:50:26 | 000,084,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/04/30 02:50:26 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2003/04/30 02:50:25 | 000,194,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/05 10:21:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0A7B626A-BF2D-4691-B49F-6B535575183A}.job
[2013/01/05 10:19:51 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 10:19:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/05 04:25:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/03 12:08:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 09:52:42 | 000,047,616 | RHS- | M] (Auslogics) -- C:\Dokumente und Einstellungen\Dieter\1409921.exe
[2013/01/02 07:35:20 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2013/01/02 07:02:19 | 000,483,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval 2.bcp
[2012/12/30 11:41:24 | 000,483,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval13.bcp
[2012/12/26 04:52:18 | 000,003,860 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\rum.bcp
[2012/12/21 05:48:41 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/15 13:14:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2012/12/15 13:13:27 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
[2012/12/15 13:13:27 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/12/15 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hewlett-Packard
[2012/12/15 13:13:07 | 000,019,554 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2012/12/15 13:07:44 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Photo & Imaging.lnk
[2012/12/15 13:07:44 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
[2012/12/15 13:07:43 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Director.lnk
[2012/12/15 10:38:55 | 000,000,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\dot4_001
[2012/12/14 11:15:11 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows-Journal-Viewer.lnk
[2012/12/14 10:37:26 | 000,000,001 | R--- | M] () -- C:\Dokumente und Einstellungen\Dieter\serverport
[2012/12/10 19:28:58 | 000,000,284 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\medcd.ini
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/02 07:02:19 | 000,483,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval 2.bcp
[2012/12/26 05:35:17 | 000,483,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval13.bcp
[2012/12/26 04:52:18 | 000,003,860 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\rum.bcp
[2012/12/15 13:14:40 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2012/12/15 13:13:27 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
[2012/12/15 13:07:44 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Photo & Imaging.lnk
[2012/12/15 13:07:44 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
[2012/12/15 13:07:43 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Director.lnk
[2012/12/15 13:05:29 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2012/12/15 13:05:29 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2012/12/15 10:37:42 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\dot4_001
[2012/12/10 19:33:26 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\Dieter\serverport
[2012/12/10 18:43:30 | 000,008,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\overlay.ini
[2012/12/10 18:43:30 | 000,000,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\medcd.ini
[2012/12/10 18:43:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\vorlagen.ini
[2012/05/30 02:23:11 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/05/30 02:23:10 | 000,001,077 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2012/05/30 02:23:10 | 000,000,633 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2012/05/02 11:45:37 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\hpothb07.tif
[2012/05/02 11:45:37 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\hpothb07.dat
[2012/02/16 03:10:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 06:00:42 | 000,010,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\hademu_elster_2048.pfx
[2011/12/28 14:12:07 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jörg\hpothb07.tif
[2011/12/28 14:12:07 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jörg\hpothb07.dat
[2011/12/28 14:11:32 | 000,000,327 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\hpothb07.dat
[2011/12/28 14:11:31 | 000,000,493 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\hpothb07.tif
[2011/12/28 14:11:14 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Helga\hpothb07.tif
[2011/12/28 14:11:14 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Helga\hpothb07.dat
[2011/12/09 09:47:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Settings.ini
[2011/09/25 11:35:25 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/15 20:18:22 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/01/06 15:09:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2010/03/17 07:43:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/03/17 07:42:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/03/17 07:42:45 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/02 15:02:01 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/10/28 20:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/13 18:44:47 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2007/12/16 18:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2007/10/02 13:21:41 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Helga\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/30 07:33:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/11/25 03:53:47 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2006/03/04 05:30:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/12/02 06:26:11 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/02 06:26:11 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\CCAA5ECD66.sys
[2005/08/21 17:11:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2005/08/20 11:46:47 | 000,004,765 | ---- | C] () -- C:\WINDOWS\cddpfmt.ini
[2005/08/09 11:26:20 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005/08/09 11:26:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/11/09 05:36:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/10/18 07:55:48 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2004/10/09 08:12:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/12/12 04:45:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/12 04:45:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\InstKeyb.exe
[2003/12/12 04:45:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/12/12 04:45:20 | 000,002,608 | ---- | C] () -- C:\WINDOWS\KB9908.ini
[2003/11/27 06:52:03 | 000,007,631 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/06 06:01:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2003/09/11 09:51:14 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/18 17:25:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/15 15:04:16 | 000,177,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\~
[2003/07/23 15:00:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2003/07/23 15:00:44 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2003/07/23 14:55:59 | 000,000,196 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003/07/15 04:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2003/07/08 04:31:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003/06/27 04:51:35 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/06/09 12:47:01 | 000,000,254 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2003/06/08 14:44:04 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Jörg\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/06/07 11:37:12 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Helga\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/06/07 09:55:49 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/04/30 10:56:16 | 000,001,258 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/30 10:56:06 | 000,526,418 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/30 10:56:06 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/30 10:56:06 | 000,104,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/30 10:56:06 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/30 10:55:48 | 000,501,650 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/30 10:55:48 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/30 10:55:48 | 000,087,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/30 10:55:48 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/30 10:55:48 | 000,004,520 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/30 10:55:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/30 10:55:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/30 10:55:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/30 10:55:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/30 10:55:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/30 10:55:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/30 07:44:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/30 06:55:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\Shw32.dll
[2003/04/30 06:44:56 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2003/04/30 06:44:23 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2003/04/30 06:44:23 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2003/04/30 06:44:23 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2003/04/30 03:07:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/30 03:03:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/04/30 03:00:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/30 02:59:49 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/30 02:50:31 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/04/30 02:50:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/04/30 02:50:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/04/30 02:50:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/04/30 02:50:26 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/04/30 02:50:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2003/04/30 02:50:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/04/30 02:16:43 | 000,000,963 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/30 02:10:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/30 02:05:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/02 01:09:33 | 000,405,504 | ---- | C] () -- C:\Programme\gtermddo.exe
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/16 00:22:49 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\nsysaudm.sys
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
========== LOP Check ==========
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2010/03/20 12:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\aborange
[2010/03/08 06:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Amazon
[2011/09/25 11:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Canneverbe Limited
[2012/01/24 06:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\elsterformular
[2010/11/10 05:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\K-Pacs-Lite
[2005/07/19 11:01:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\klickTel
[2012/08/28 12:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Notepad++
[2009/01/04 09:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\OpenOffice.org
[2007/09/17 10:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Reha
[2012/01/17 05:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Tobit
[2011/09/25 03:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Uki
[2012/01/25 04:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Uniblue
[2008/05/21 11:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\WIBU-SYSTEMS
[2010/03/27 14:09:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Wireshark
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helga\Anwendungsdaten\InterTrust
[2003/07/26 09:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helga\Anwendungsdaten\Kazaa Lite
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jörg\Anwendungsdaten\InterTrust
[2007/07/24 05:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jörg\Anwendungsdaten\WIBU-SYSTEMS
[2012/03/24 14:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2011/02/14 10:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bDeJiIn00000
[2011/09/25 11:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012/01/24 06:49:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/12/14 13:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FUJIFILM
[2006/12/11 16:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2012/01/25 13:53:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/12/15 13:14:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2013/01/05 10:21:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0A7B626A-BF2D-4691-B49F-6B535575183A}.job
========== Purity Check ==========
< End of report >
|
|
05.01.2013, 16:47
| #2 |
| /// Malware-holic   | GVU auf Windows XP / abgesicherter Modus startet nicht hi
__________________auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O4 - HKU\Jörg_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKU\Helga_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKU\Dieter_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
05.01.2013, 16:49
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU auf Windows XP / abgesicherter Modus startet nicht edit
__________________Markus war schneller  /edit
__________________ |
|
05.01.2013, 17:40
| #4 | ||
| | GVU auf Windows XP / abgesicherter Modus startet nicht Leider war das noch nicht erfolgreich. Nach ausfuehren des Fix, bootet der Rechner nicht selbststaendig neu. Manueller Boot von der Festplatte landet wieder im GVU Fenster. Zitat:
Das Problem besteht seit dem 3.1. Im OTL-Logfile bei den modifizierten Dateien finde ich folgendes: Zitat:
|
|
05.01.2013, 19:20
| #5 |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi starte OTL noch mal wie folgt: • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2013, 20:06
| #6 |
| | GVU auf Windows XP / abgesicherter Modus startet nicht Scan ist durchgelaufen, Internetverbindung besteht auch mit OTLPE OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/5/2013 7:49:31 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 65.00% Memory free
707.00 Mb Paging File | 542.00 Mb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1150 1150 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 52.99 Gb Total Space | 18.12 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (LEC TranslateDotNet Server)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/08/28 13:41:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/08/28 13:41:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/08/28 13:41:08 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/08/28 13:41:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2003/03/08 23:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/05 11:29:34 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/08/28 13:42:22 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/28 13:42:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/28 13:42:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/08/28 13:42:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 07:48:56 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/08/10 07:19:46 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/18 07:55:49 | 000,076,800 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2004/04/26 00:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/04/26 00:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004/04/26 00:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/04/26 00:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003/02/16 00:22:49 | 000,030,720 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\nsysaudm.sys -- (nsysaudm)
DRV - [2002/12/18 08:42:54 | 000,076,544 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2002/07/23 21:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/05/16 04:41:32 | 001,805,696 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2002/05/05 10:53:28 | 000,413,528 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2002/05/05 10:41:52 | 000,194,128 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2002/03/14 12:23:06 | 000,084,720 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2002/03/14 12:04:22 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/03/14 11:31:40 | 000,161,984 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Dieter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Dieter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dieter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\Helga_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Helga_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Helga_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\Jörg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de/
IE - HKU\Jörg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hyrican.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svñhîst] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
O4 - HKU\.DEFAULT..\Run: [Symantec Network Driver Update Warning] File not found
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Dieter_ON_C..\Run: [360Amigo] C:\Program files\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\Dieter_ON_C..\Run: [flatster Recorder] C:\Programme\flatster Recorder\flatster Recorder.exe (Euro-Driver Peter Busch)
O4 - HKU\Dieter_ON_C..\Run: [LDM] File not found
O4 - HKU\Helga_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Helga_ON_C..\Run: [swg] File not found
O4 - HKU\Jörg_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Jörg_ON_C..\Run: [swg] File not found
O4 - HKU\Helga_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Desktop Application Director 9.LNK = C:\Programme\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dieter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Helga_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jörg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348241715375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/30 02:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {588A559B-BBC9-4148-A2C0-96A33D1DBC26} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65289DE3-4C1A-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {9BFBE94F-2FAF-11D6-8712-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D82A39FB-1784-4608-BFE8-1ACBFF3079C1} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F279058C-50B2-4BE4-60C9-369CACF06821} - .NET Framework
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpReg: tuloxFreeWBS - hkey= - key= - File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: {0CE3651A-C78A-4911-7A0C-C977D8CAAF97} - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2013/01/05 17:12:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/03 09:52:42 | 000,047,616 | RHS- | C] (Auslogics) -- C:\Dokumente und Einstellungen\Dieter\1409921.exe
[2012/12/15 12:54:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012/12/10 19:33:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\.jivex
[2012/12/10 18:38:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dieter\tmpjex1
[2003/04/30 02:50:26 | 001,805,696 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/04/30 02:50:26 | 000,413,528 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/04/30 02:50:26 | 000,161,984 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/04/30 02:50:26 | 000,084,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/04/30 02:50:26 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2003/04/30 02:50:25 | 000,194,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
========== Files - Modified Within 30 Days ==========
[2013/01/05 11:27:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0A7B626A-BF2D-4691-B49F-6B535575183A}.job
[2013/01/05 11:26:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/05 11:24:14 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 11:24:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/03 12:08:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 09:52:42 | 000,047,616 | RHS- | M] (Auslogics) -- C:\Dokumente und Einstellungen\Dieter\1409921.exe
[2013/01/02 07:35:20 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2013/01/02 07:02:19 | 000,483,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval 2.bcp
[2012/12/30 11:41:24 | 000,483,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval13.bcp
[2012/12/26 04:52:18 | 000,003,860 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\rum.bcp
[2012/12/21 05:48:41 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/15 13:14:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2012/12/15 13:13:27 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
[2012/12/15 13:13:27 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/12/15 13:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hewlett-Packard
[2012/12/15 13:13:07 | 000,019,554 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2012/12/15 13:07:44 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Photo & Imaging.lnk
[2012/12/15 13:07:44 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
[2012/12/15 13:07:43 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Director.lnk
[2012/12/15 10:38:55 | 000,000,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\dot4_001
[2012/12/14 11:15:11 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows-Journal-Viewer.lnk
[2012/12/14 10:37:26 | 000,000,001 | R--- | M] () -- C:\Dokumente und Einstellungen\Dieter\serverport
[2012/12/10 19:28:58 | 000,000,284 | ---- | M] () -- C:\Dokumente und Einstellungen\Dieter\medcd.ini
========== Files Created - No Company Name ==========
[2013/01/02 07:02:19 | 000,483,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval 2.bcp
[2012/12/26 05:35:17 | 000,483,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\karneval13.bcp
[2012/12/26 04:52:18 | 000,003,860 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Eigene Dateien\rum.bcp
[2012/12/15 13:14:40 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2012/12/15 13:13:27 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
[2012/12/15 13:07:44 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Photo & Imaging.lnk
[2012/12/15 13:07:44 | 000,000,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
[2012/12/15 13:07:43 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Director.lnk
[2012/12/15 13:05:29 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2012/12/15 13:05:29 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2012/12/15 10:37:42 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\dot4_001
[2012/12/10 19:33:26 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\Dieter\serverport
[2012/12/10 18:43:30 | 000,008,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\overlay.ini
[2012/12/10 18:43:30 | 000,000,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\medcd.ini
[2012/12/10 18:43:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\vorlagen.ini
[2012/05/30 02:23:11 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/05/30 02:23:10 | 000,001,077 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2012/05/30 02:23:10 | 000,000,633 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2012/05/02 11:45:37 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\hpothb07.tif
[2012/05/02 11:45:37 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\hpothb07.dat
[2012/02/16 03:10:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 06:00:42 | 000,010,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\hademu_elster_2048.pfx
[2011/12/28 14:12:07 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jörg\hpothb07.tif
[2011/12/28 14:12:07 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jörg\hpothb07.dat
[2011/12/28 14:11:32 | 000,000,327 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\hpothb07.dat
[2011/12/28 14:11:31 | 000,000,493 | -H-- | C] () -- C:\Dokumente und Einstellungen\Dieter\hpothb07.tif
[2011/12/28 14:11:14 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Helga\hpothb07.tif
[2011/12/28 14:11:14 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Helga\hpothb07.dat
[2011/12/09 09:47:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Settings.ini
[2011/09/25 11:35:25 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/15 20:18:22 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/01/06 15:09:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2010/03/17 07:43:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/03/17 07:42:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/03/17 07:42:45 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/02 15:02:01 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/10/28 20:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/13 18:44:47 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2007/12/16 18:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2007/10/02 13:21:41 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Helga\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/30 07:33:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/11/25 03:53:47 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2006/03/04 05:30:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/12/02 06:26:11 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/02 06:26:11 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\CCAA5ECD66.sys
[2005/08/21 17:11:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2005/08/20 11:46:47 | 000,004,765 | ---- | C] () -- C:\WINDOWS\cddpfmt.ini
[2005/08/09 11:26:20 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005/08/09 11:26:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/11/09 05:36:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/10/18 07:55:48 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2004/10/09 08:12:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/12/12 04:45:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/12 04:45:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\InstKeyb.exe
[2003/12/12 04:45:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/12/12 04:45:20 | 000,002,608 | ---- | C] () -- C:\WINDOWS\KB9908.ini
[2003/11/27 06:52:03 | 000,007,631 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/06 06:01:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2003/09/11 09:51:14 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/18 17:25:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/15 15:04:16 | 000,177,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\~
[2003/07/23 15:00:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2003/07/23 15:00:44 | 000,006,067 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2003/07/23 14:55:59 | 000,000,196 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2003/07/15 04:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2003/07/08 04:31:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003/06/27 04:51:35 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/06/09 12:47:01 | 000,000,254 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2003/06/08 14:44:04 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Jörg\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/06/07 11:37:12 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Helga\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/06/07 09:55:49 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2003/04/30 10:56:16 | 000,001,258 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/30 10:56:06 | 000,526,418 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/30 10:56:06 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/30 10:56:06 | 000,104,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/30 10:56:06 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/30 10:55:48 | 000,501,650 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/30 10:55:48 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/30 10:55:48 | 000,087,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/30 10:55:48 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/30 10:55:48 | 000,004,520 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/30 10:55:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/30 10:55:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/30 10:55:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/30 10:55:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/30 10:55:35 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/30 10:55:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/30 07:44:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/30 06:55:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\Shw32.dll
[2003/04/30 06:44:56 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2003/04/30 06:44:23 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2003/04/30 06:44:23 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2003/04/30 06:44:23 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2003/04/30 03:07:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/30 03:03:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/04/30 03:00:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/30 02:59:49 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/30 02:50:31 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/04/30 02:50:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/04/30 02:50:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/04/30 02:50:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/04/30 02:50:26 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/04/30 02:50:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2003/04/30 02:50:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/04/30 02:16:43 | 000,000,963 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/30 02:10:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/30 02:05:59 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/02 01:09:33 | 000,405,504 | ---- | C] () -- C:\Programme\gtermddo.exe
[2003/03/08 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/16 00:22:49 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\nsysaudm.sys
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
========== LOP Check ==========
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2010/03/20 12:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\aborange
[2010/03/08 06:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Amazon
[2011/09/25 11:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Canneverbe Limited
[2012/01/24 06:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\elsterformular
[2010/11/10 05:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\K-Pacs-Lite
[2005/07/19 11:01:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\klickTel
[2012/08/28 12:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Notepad++
[2009/01/04 09:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\OpenOffice.org
[2007/09/17 10:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Reha
[2012/01/17 05:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Tobit
[2011/09/25 03:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Uki
[2012/01/25 04:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Uniblue
[2008/05/21 11:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\WIBU-SYSTEMS
[2010/03/27 14:09:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dieter\Anwendungsdaten\Wireshark
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helga\Anwendungsdaten\InterTrust
[2003/07/26 09:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Helga\Anwendungsdaten\Kazaa Lite
[2003/04/30 02:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jörg\Anwendungsdaten\InterTrust
[2007/07/24 05:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jörg\Anwendungsdaten\WIBU-SYSTEMS
[2012/03/24 14:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2011/02/14 10:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bDeJiIn00000
[2011/09/25 11:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012/01/24 06:49:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/12/14 13:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FUJIFILM
[2006/12/11 16:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2012/01/25 13:53:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/12/15 13:14:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1355595189.job
[2013/01/05 11:27:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0A7B626A-BF2D-4691-B49F-6B535575183A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009/03/12 10:52:49 | 000,000,000 | ---D | M] -- C:\audio
[2012/12/15 13:13:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/02 15:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/12/15 11:07:51 | 000,000,000 | ---D | M] -- C:\Downloads
[2005/03/20 12:04:03 | 000,000,000 | ---D | M] -- C:\DruckShop
[2011/12/09 14:10:14 | 000,000,000 | ---D | M] -- C:\EVENTDB
[2011/12/09 09:47:58 | 000,000,000 | ---D | M] -- C:\LOGFILES
[2011/01/22 06:15:46 | 000,000,000 | ---D | M] -- C:\PortableApps
[2012/03/24 08:26:03 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/12/31 05:34:37 | 000,000,000 | R--D | M] -- C:\Programme
[2012/08/09 12:31:18 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/08/09 14:55:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/12/15 12:40:14 | 000,000,000 | ---D | M] -- C:\temp
[2013/01/05 10:15:25 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2013/01/05 17:12:57 | 000,000,000 | ---D | M] -- C:\_OTL
< %PROGRAMFILES%\*.exe >
[2003/04/02 01:09:33 | 000,405,504 | ---- | M] () -- C:\Programme\gtermddo.exe
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2004/12/25 11:43:57 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/14 05:14:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/12/25 11:43:57 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/14 05:14:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/12/25 11:43:57 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/14 05:14:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/12/25 11:43:57 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/14 05:14:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004/08/04 02:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 08:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 08:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 02:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005/03/02 13:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 10:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 13:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 02:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 10:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2003/09/25 11:52:01 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=8D928268AFBF31F8A34CE610DA175352 -- C:\WINDOWS\$NtUninstallKB840987$\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002/11/22 05:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002/08/29 07:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
< MD5 for: USERINIT.EXE >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 02:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 02:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 07:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2012/09/29 13:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2002/08/29 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002/08/29 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2003/04/30 03:59:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/04/30 03:59:08 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/04/30 03:59:08 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/11/01 07:17:52 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
Ich schicke noch die Movedfiles.zip von vorhin per upload vom anderen PC. |
|
06.01.2013, 18:34
| #7 |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Dieter_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Helga_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Jörg_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/12/15 13:07:44 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
[2013/01/03 09:52:42 | 000,047,616 | RHS- | C] (Auslogics) -- C:\Dokumente und Einstellungen\Dieter\1409921.exe
O4 - HKLM..\Run: [svñhîst] File not found
O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 23:02
| #8 | |
| | GVU auf Windows XP / abgesicherter Modus startet nicht So der fix ist durchgelaufen. Der PC startet jetzt wieder normal und der Sperrbildschirm vom Trojaner ist weg. Ich habe mal versucht den abgesicherten Modus zu starten, das schlägt nach wie vor fehl. Ich packe Dir auch nochmal den Movefileordner ein und lade in via Uplaod hoch. Der zugehörige Logfile: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1DBAB667-A486-421e-AFE4-CF07DD0088E5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBAB667-A486-421e-AFE4-CF07DD0088E5}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\Dieter_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\Helga_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Helga_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\Helga_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\Helga_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\Jörg_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Jörg_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk moved successfully.
C:\Dokumente und Einstellungen\Dieter\1409921.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ALUAlert deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Dieter
->Temp folder emptied: 158 bytes
->Temporary Internet Files folder emptied: 6356700 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Helga
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jörg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
Total Flash Files Cleaned = 6.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Dieter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Helga
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jörg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
Total Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 01062013_223641
 ---Edit--- Beim Packen hat Avira Alarm geschlagen (hat nach dem normalen Start des System bereits Updates installiert) und folgende Meldung ausgegeben: Zitat:
Geändert von Jojo66 (06.01.2013 um 23:12 Uhr) |
|
07.01.2013, 17:56
| #9 |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi wir sind ja auch nicht fertig... :-) download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.01.2013, 20:19
| #10 |
| | GVU auf Windows XP / abgesicherter Modus startet nicht Hi ja, das wird noch ein bisschen dauern. Es gab' vier Funde: TDSS.log Code:
ATTFilter 20:14:14.0281 3712 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:14:14.0828 3712 ============================================================
20:14:14.0828 3712 Current date / time: 2013/01/07 20:14:14.0828
20:14:14.0828 3712 SystemInfo:
20:14:14.0828 3712
20:14:14.0828 3712 OS Version: 5.1.2600 ServicePack: 3.0
20:14:14.0828 3712 Product type: Workstation
20:14:14.0828 3712 ComputerName: COMPUTER
20:14:14.0828 3712 UserName: Dieter
20:14:14.0828 3712 Windows directory: C:\WINDOWS
20:14:14.0828 3712 System windows directory: C:\WINDOWS
20:14:14.0828 3712 Processor architecture: Intel x86
20:14:14.0828 3712 Number of processors: 1
20:14:14.0828 3712 Page size: 0x1000
20:14:14.0828 3712 Boot type: Normal boot
20:14:14.0828 3712 ============================================================
20:14:18.0953 3712 Drive \Device\Harddisk0\DR0 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200, Cylinders: 0x1C85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:14:19.0328 3712 ============================================================
20:14:19.0328 3712 \Device\Harddisk0\DR0:
20:14:19.0359 3712 MBR partitions:
20:14:19.0359 3712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x69FD347
20:14:19.0359 3712 ============================================================
20:14:19.0406 3712 C: <-> \Device\Harddisk0\DR0\Partition1
20:14:19.0437 3712 ============================================================
20:14:19.0437 3712 Initialize success
20:14:19.0437 3712 ============================================================
20:15:51.0546 2260 ============================================================
20:15:51.0546 2260 Scan started
20:15:51.0546 2260 Mode: Manual; SigCheck; TDLFS;
20:15:51.0546 2260 ============================================================
20:15:53.0031 2260 ================ Scan system memory ========================
20:15:53.0046 2260 System memory - ok
20:15:53.0046 2260 ================ Scan services =============================
20:15:53.0265 2260 Abiosdsk - ok
20:15:53.0312 2260 abp480n5 - ok
20:15:53.0390 2260 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:15:58.0421 2260 ACPI - ok
20:15:58.0484 2260 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:15:58.0750 2260 ACPIEC - ok
20:15:58.0796 2260 adpu160m - ok
20:15:58.0859 2260 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:15:59.0109 2260 aec - ok
20:15:59.0187 2260 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:15:59.0296 2260 AFD - ok
20:15:59.0359 2260 [ B34B1AB0A7690A0E2301FEC6D17B2FC1 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
20:15:59.0390 2260 AFS2K ( UnsignedFile.Multi.Generic ) - warning
20:15:59.0390 2260 AFS2K - detected UnsignedFile.Multi.Generic (1)
20:15:59.0406 2260 Aha154x - ok
20:15:59.0437 2260 aic78u2 - ok
20:15:59.0468 2260 aic78xx - ok
20:15:59.0578 2260 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:15:59.0859 2260 Alerter - ok
20:15:59.0921 2260 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
20:16:00.0031 2260 ALG - ok
20:16:00.0078 2260 AliIde - ok
20:16:00.0156 2260 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:16:00.0406 2260 AmdK7 - ok
20:16:00.0453 2260 amsint - ok
20:16:00.0640 2260 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Programme\Avira\AntiVir Desktop\avmailc.exe
20:16:00.0703 2260 AntiVirMailService - ok
20:16:00.0781 2260 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:16:00.0796 2260 AntiVirSchedulerService - ok
20:16:00.0843 2260 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:16:00.0859 2260 AntiVirService - ok
20:16:00.0937 2260 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:16:00.0984 2260 AntiVirWebService - ok
20:16:01.0015 2260 AppMgmt - ok
20:16:01.0046 2260 asc - ok
20:16:01.0140 2260 asc3350p - ok
20:16:01.0171 2260 asc3550 - ok
20:16:01.0406 2260 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:16:01.0593 2260 aspnet_state - ok
20:16:01.0687 2260 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:16:01.0968 2260 AsyncMac - ok
20:16:02.0046 2260 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:16:02.0312 2260 atapi - ok
20:16:02.0343 2260 Atdisk - ok
20:16:02.0406 2260 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:16:02.0671 2260 Atmarpc - ok
20:16:02.0750 2260 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:16:03.0000 2260 AudioSrv - ok
20:16:03.0109 2260 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:16:03.0375 2260 audstub - ok
20:16:03.0421 2260 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:16:04.0218 2260 avgntflt - ok
20:16:04.0296 2260 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:16:04.0328 2260 avipbb - ok
20:16:04.0343 2260 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:16:04.0375 2260 avkmgr - ok
20:16:04.0468 2260 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:16:04.0750 2260 Beep - ok
20:16:04.0859 2260 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
20:16:05.0203 2260 BITS - ok
20:16:05.0281 2260 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
20:16:05.0390 2260 Browser - ok
20:16:05.0437 2260 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:16:05.0750 2260 cbidf2k - ok
20:16:05.0765 2260 cd20xrnt - ok
20:16:05.0843 2260 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:16:06.0093 2260 Cdaudio - ok
20:16:06.0156 2260 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:16:06.0406 2260 Cdfs - ok
20:16:06.0484 2260 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:16:06.0781 2260 Cdrom - ok
20:16:06.0796 2260 Changer - ok
20:16:06.0875 2260 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:16:07.0125 2260 CiSvc - ok
20:16:07.0171 2260 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:16:07.0468 2260 ClipSrv - ok
20:16:07.0593 2260 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:08.0218 2260 clr_optimization_v2.0.50727_32 - ok
20:16:08.0296 2260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:16:08.0500 2260 clr_optimization_v4.0.30319_32 - ok
20:16:08.0546 2260 CmdIde - ok
20:16:08.0593 2260 COMSysApp - ok
20:16:08.0656 2260 Cpqarray - ok
20:16:08.0734 2260 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:16:08.0984 2260 CryptSvc - ok
20:16:09.0015 2260 dac2w2k - ok
20:16:09.0046 2260 dac960nt - ok
20:16:09.0156 2260 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:16:09.0281 2260 DcomLaunch - ok
20:16:09.0359 2260 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:16:09.0625 2260 Dhcp - ok
20:16:09.0703 2260 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:16:09.0968 2260 Disk - ok
20:16:09.0984 2260 dmadmin - ok
20:16:10.0078 2260 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:16:10.0437 2260 dmboot - ok
20:16:10.0500 2260 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:16:10.0765 2260 dmio - ok
20:16:10.0812 2260 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:16:11.0078 2260 dmload - ok
20:16:11.0171 2260 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:16:11.0453 2260 dmserver - ok
20:16:11.0515 2260 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:16:11.0765 2260 DMusic - ok
20:16:11.0828 2260 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:16:11.0953 2260 Dnscache - ok
20:16:12.0031 2260 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:16:12.0296 2260 Dot3svc - ok
20:16:12.0328 2260 dpti2o - ok
20:16:12.0390 2260 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:16:12.0625 2260 drmkaud - ok
20:16:12.0703 2260 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:16:12.0968 2260 EapHost - ok
20:16:13.0015 2260 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:16:13.0250 2260 ERSvc - ok
20:16:13.0312 2260 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
20:16:13.0359 2260 Eventlog - ok
20:16:13.0453 2260 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
20:16:13.0609 2260 EventSystem - ok
20:16:13.0671 2260 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:16:13.0921 2260 Fastfat - ok
20:16:13.0984 2260 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:16:14.0109 2260 FastUserSwitchingCompatibility - ok
20:16:14.0187 2260 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:16:14.0437 2260 Fdc - ok
20:16:14.0500 2260 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:16:14.0765 2260 FETNDIS - ok
20:16:14.0828 2260 [ CC6B6DF3C35C20531492E1B700F700FA ] FETNDISB C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
20:16:14.0906 2260 FETNDISB - ok
20:16:14.0968 2260 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:16:15.0250 2260 Fips - ok
20:16:15.0312 2260 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:16:15.0546 2260 Flpydisk - ok
20:16:15.0625 2260 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:16:15.0875 2260 FltMgr - ok
20:16:16.0031 2260 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:16:16.0046 2260 FontCache3.0.0.0 - ok
20:16:16.0109 2260 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:16:16.0375 2260 Fs_Rec - ok
20:16:16.0437 2260 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:16:16.0656 2260 Ftdisk - ok
20:16:16.0718 2260 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:16:16.0937 2260 gameenum - ok
20:16:17.0031 2260 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:16:17.0281 2260 Gpc - ok
20:16:17.0375 2260 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
20:16:17.0406 2260 gupdate - ok
20:16:17.0437 2260 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
20:16:17.0468 2260 gupdatem - ok
20:16:17.0578 2260 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:16:17.0812 2260 helpsvc - ok
20:16:17.0875 2260 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
20:16:18.0109 2260 HidServ - ok
20:16:18.0187 2260 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:16:18.0421 2260 HidUsb - ok
20:16:18.0484 2260 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:16:18.0687 2260 hkmsvc - ok
20:16:18.0734 2260 hpn - ok
20:16:18.0812 2260 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:16:18.0890 2260 HPZid412 - ok
20:16:18.0953 2260 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:16:19.0031 2260 HPZipr12 - ok
20:16:19.0093 2260 [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:16:19.0203 2260 HPZius12 - ok
20:16:19.0281 2260 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:16:19.0375 2260 HTTP - ok
20:16:19.0453 2260 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:16:19.0734 2260 HTTPFilter - ok
20:16:19.0750 2260 i2omgmt - ok
20:16:19.0781 2260 i2omp - ok
20:16:19.0859 2260 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:16:20.0093 2260 i8042prt - ok
20:16:20.0265 2260 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:16:20.0390 2260 idsvc - ok
20:16:20.0484 2260 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:16:20.0750 2260 Imapi - ok
20:16:20.0828 2260 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe
20:16:21.0046 2260 ImapiService - ok
20:16:21.0078 2260 ini910u - ok
20:16:21.0125 2260 IntelIde - ok
20:16:21.0218 2260 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:16:21.0484 2260 ip6fw - ok
20:16:21.0546 2260 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:16:21.0796 2260 IpFilterDriver - ok
20:16:21.0828 2260 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:16:22.0062 2260 IpInIp - ok
20:16:22.0140 2260 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:16:22.0375 2260 IpNat - ok
20:16:22.0390 2260 iPod Service - ok
20:16:22.0453 2260 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:16:22.0656 2260 IPSec - ok
20:16:22.0703 2260 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:16:22.0828 2260 IRENUM - ok
20:16:22.0906 2260 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:16:23.0156 2260 isapnp - ok
20:16:23.0281 2260 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
20:16:23.0312 2260 JavaQuickStarterService - ok
20:16:23.0375 2260 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:16:23.0578 2260 Kbdclass - ok
20:16:23.0671 2260 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:16:23.0890 2260 kbdhid - ok
20:16:23.0968 2260 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:16:24.0187 2260 kmixer - ok
20:16:24.0265 2260 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:16:24.0406 2260 KSecDD - ok
20:16:24.0484 2260 [ FD1D572C705BD70953621DA8334F5A5C ] L8042mou C:\WINDOWS\system32\Drivers\L8042mou.sys
20:16:24.0578 2260 L8042mou - ok
20:16:24.0656 2260 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:16:24.0750 2260 lanmanserver - ok
20:16:24.0828 2260 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:16:24.0890 2260 lanmanworkstation - ok
20:16:24.0906 2260 lbrtfdc - ok
20:16:24.0984 2260 LEC TranslateDotNet Server - ok
20:16:25.0062 2260 [ 6F6FED015CD3D33A048F9FC40F42E076 ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
20:16:25.0093 2260 LHidKe - ok
20:16:25.0156 2260 [ C9FEEB4604C303CBD68E0A6780B5F50C ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
20:16:25.0234 2260 LHidUsbK - ok
20:16:25.0312 2260 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:16:25.0515 2260 LmHosts - ok
20:16:25.0593 2260 [ E424EB5F4FCF486490A17BEA3DFC64A9 ] LMouKE C:\WINDOWS\system32\Drivers\LMouKE.sys
20:16:25.0640 2260 LMouKE - ok
20:16:25.0718 2260 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:16:25.0953 2260 Messenger - ok
20:16:26.0015 2260 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:16:26.0218 2260 mnmdd - ok
20:16:26.0281 2260 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:16:26.0515 2260 mnmsrvc - ok
20:16:26.0578 2260 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:16:26.0796 2260 Modem - ok
20:16:26.0859 2260 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:16:27.0078 2260 Mouclass - ok
20:16:27.0125 2260 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:16:27.0312 2260 mouhid - ok
20:16:27.0375 2260 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:16:27.0593 2260 MountMgr - ok
20:16:27.0625 2260 mraid35x - ok
20:16:27.0671 2260 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:16:27.0875 2260 MRxDAV - ok
20:16:28.0000 2260 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:16:28.0125 2260 MRxSmb - ok
20:16:28.0187 2260 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:16:28.0375 2260 MSDTC - ok
20:16:28.0531 2260 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:16:28.0734 2260 Msfs - ok
20:16:28.0765 2260 MSIServer - ok
20:16:28.0859 2260 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:16:29.0078 2260 MSKSSRV - ok
20:16:29.0140 2260 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:16:29.0359 2260 MSPCLOCK - ok
20:16:29.0421 2260 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:16:29.0640 2260 MSPQM - ok
20:16:29.0703 2260 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:16:29.0906 2260 mssmbios - ok
20:16:30.0015 2260 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
20:16:30.0187 2260 ms_mpu401 - ok
20:16:30.0312 2260 [ F24F3B21F3E4F57EBB9B83DDCEB94222 ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
20:16:30.0375 2260 Mtlmnt5 - ok
20:16:30.0484 2260 [ A7BCCDE80E2AA9913B6AB0C38A891DA8 ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
20:16:30.0765 2260 Mtlstrm - ok
20:16:30.0843 2260 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:16:30.0890 2260 Mup - ok
20:16:30.0984 2260 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
20:16:31.0218 2260 napagent - ok
20:16:31.0281 2260 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:16:31.0484 2260 NDIS - ok
20:16:31.0562 2260 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:16:31.0640 2260 NdisTapi - ok
20:16:31.0703 2260 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:16:31.0921 2260 Ndisuio - ok
20:16:31.0984 2260 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:16:32.0187 2260 NdisWan - ok
20:16:32.0281 2260 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:16:32.0359 2260 NDProxy - ok
20:16:32.0421 2260 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:16:32.0640 2260 NetBIOS - ok
20:16:32.0703 2260 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:16:32.0906 2260 NetBT - ok
20:16:33.0000 2260 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
20:16:33.0203 2260 NetDDE - ok
20:16:33.0234 2260 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:16:33.0421 2260 NetDDEdsdm - ok
20:16:33.0500 2260 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe
20:16:33.0687 2260 Netlogon - ok
20:16:33.0781 2260 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
20:16:33.0984 2260 Netman - ok
20:16:34.0062 2260 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:16:34.0093 2260 NetTcpPortSharing - ok
20:16:34.0171 2260 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
20:16:34.0203 2260 Nla - ok
20:16:34.0312 2260 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
20:16:34.0359 2260 NMSAccess - ok
20:16:34.0421 2260 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
20:16:34.0437 2260 NPF - ok
20:16:34.0500 2260 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:16:34.0687 2260 Npfs - ok
20:16:34.0765 2260 [ A8E6014CB525F30ADB461310E27E6585 ] nsysaudm C:\WINDOWS\System32\Drivers\nsysaudm.sys
20:16:34.0765 2260 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\nsysaudm.sys. md5: A8E6014CB525F30ADB461310E27E6585
20:16:34.0765 2260 nsysaudm ( LockedFile.Multi.Generic ) - warning
20:16:34.0765 2260 nsysaudm - detected LockedFile.Multi.Generic (1)
20:16:34.0843 2260 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:16:35.0062 2260 Ntfs - ok
20:16:35.0109 2260 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:16:35.0296 2260 NtLmSsp - ok
20:16:35.0390 2260 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:16:35.0609 2260 NtmsSvc - ok
20:16:35.0718 2260 [ E18ADA400E7A5DA5CBF1BBAF9C5D0B60 ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
20:16:35.0750 2260 NtMtlFax - ok
20:16:35.0843 2260 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:16:36.0031 2260 Null - ok
20:16:36.0140 2260 [ 586B3DDB22E468071B63D3A44A6D7CFD ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:16:36.0421 2260 nv - ok
20:16:36.0484 2260 [ 4B17A1424F4BAB51681552307F20A2A1 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
20:16:36.0515 2260 NVSvc - ok
20:16:36.0578 2260 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:16:36.0812 2260 NwlnkFlt - ok
20:16:36.0875 2260 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:16:37.0062 2260 NwlnkFwd - ok
20:16:37.0140 2260 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:16:37.0359 2260 Parport - ok
20:16:37.0421 2260 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:16:37.0609 2260 PartMgr - ok
20:16:37.0687 2260 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:16:37.0890 2260 ParVdm - ok
20:16:37.0968 2260 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:16:38.0140 2260 PCI - ok
20:16:38.0187 2260 PCIDump - ok
20:16:38.0234 2260 PCIIde - ok
20:16:38.0296 2260 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:16:38.0500 2260 Pcmcia - ok
20:16:38.0531 2260 PDCOMP - ok
20:16:38.0578 2260 PDFRAME - ok
20:16:38.0609 2260 PDRELI - ok
20:16:38.0640 2260 PDRFRAME - ok
20:16:38.0671 2260 perc2 - ok
20:16:38.0718 2260 perc2hib - ok
20:16:38.0843 2260 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
20:16:38.0875 2260 PlugPlay - ok
20:16:38.0921 2260 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:16:38.0968 2260 Pml Driver HPZ12 - ok
20:16:39.0000 2260 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
20:16:39.0171 2260 PolicyAgent - ok
20:16:39.0250 2260 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:16:39.0484 2260 PptpMiniport - ok
20:16:39.0578 2260 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:16:39.0781 2260 ProtectedStorage - ok
20:16:39.0859 2260 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:16:40.0078 2260 PSched - ok
20:16:40.0187 2260 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:16:40.0390 2260 Ptilink - ok
20:16:40.0421 2260 ql1080 - ok
20:16:40.0453 2260 Ql10wnt - ok
20:16:40.0500 2260 ql12160 - ok
20:16:40.0531 2260 ql1240 - ok
20:16:40.0562 2260 ql1280 - ok
20:16:40.0640 2260 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:16:40.0875 2260 RasAcd - ok
20:16:40.0953 2260 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:16:41.0203 2260 RasAuto - ok
20:16:41.0359 2260 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:16:41.0562 2260 Rasl2tp - ok
20:16:41.0703 2260 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:16:41.0921 2260 RasMan - ok
20:16:42.0000 2260 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:16:42.0203 2260 RasPppoe - ok
20:16:42.0281 2260 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:16:42.0546 2260 Raspti - ok
20:16:42.0968 2260 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:16:43.0281 2260 Rdbss - ok
20:16:43.0375 2260 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:16:43.0625 2260 RDPCDD - ok
20:16:43.0843 2260 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:16:44.0109 2260 RDPWD - ok
20:16:44.0250 2260 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:16:44.0609 2260 RDSessMgr - ok
20:16:44.0703 2260 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:16:44.0921 2260 redbook - ok
20:16:44.0984 2260 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:16:45.0171 2260 RemoteAccess - ok
20:16:45.0281 2260 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Programme\WinPcap\rpcapd.exe
20:16:45.0296 2260 rpcapd - ok
20:16:45.0390 2260 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
20:16:45.0593 2260 RpcLocator - ok
20:16:45.0687 2260 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:16:45.0750 2260 RpcSs - ok
20:16:45.0812 2260 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:16:46.0031 2260 RSVP - ok
20:16:46.0093 2260 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
20:16:46.0265 2260 SamSs - ok
20:16:46.0328 2260 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:16:46.0546 2260 SCardSvr - ok
20:16:46.0656 2260 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:16:46.0921 2260 Schedule - ok
20:16:47.0015 2260 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:16:47.0156 2260 Secdrv - ok
20:16:47.0281 2260 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
20:16:47.0484 2260 seclogon - ok
20:16:47.0562 2260 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
20:16:47.0765 2260 SENS - ok
20:16:47.0812 2260 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:16:48.0078 2260 serenum - ok
20:16:48.0109 2260 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:16:48.0328 2260 Serial - ok
20:16:48.0468 2260 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:16:48.0671 2260 Sfloppy - ok
20:16:48.0765 2260 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:16:48.0953 2260 SharedAccess - ok
20:16:49.0015 2260 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:16:49.0078 2260 ShellHWDetection - ok
20:16:49.0109 2260 Simbad - ok
20:16:49.0218 2260 [ B3764BC11B854F1C120FD5FB670F909E ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
20:16:49.0343 2260 Slntamr - ok
20:16:49.0390 2260 [ 42B28042491C5344579738AF49914C48 ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
20:16:49.0437 2260 SlNtHal - ok
20:16:49.0453 2260 SLService - ok
20:16:49.0531 2260 [ 671A8E72CEEE56FC61BA11367B8C61D5 ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
20:16:49.0562 2260 SlWdmSup - ok
20:16:49.0609 2260 Sparrow - ok
20:16:49.0671 2260 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:16:49.0875 2260 splitter - ok
20:16:49.0953 2260 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:16:50.0031 2260 Spooler - ok
20:16:50.0109 2260 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:16:50.0218 2260 sr - ok
20:16:50.0296 2260 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll
20:16:50.0406 2260 srservice - ok
20:16:50.0515 2260 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:16:50.0609 2260 Srv - ok
20:16:50.0671 2260 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:16:50.0796 2260 SSDPSRV - ok
20:16:50.0875 2260 [ CFC9B1CA57B41323A721D5F01FB2F899 ] SSHDRV84 C:\WINDOWS\System32\drivers\SSHDRV84.sys
20:16:50.0906 2260 SSHDRV84 ( UnsignedFile.Multi.Generic ) - warning
20:16:50.0906 2260 SSHDRV84 - detected UnsignedFile.Multi.Generic (1)
20:16:50.0968 2260 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:16:50.0984 2260 ssmdrv - ok
20:16:51.0031 2260 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
20:16:51.0046 2260 StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:16:51.0046 2260 StarOpen - detected UnsignedFile.Multi.Generic (1)
20:16:51.0140 2260 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:16:51.0375 2260 stisvc - ok
20:16:51.0453 2260 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:16:51.0640 2260 swenum - ok
20:16:51.0718 2260 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:16:51.0906 2260 swmidi - ok
20:16:51.0937 2260 SwPrv - ok
20:16:51.0984 2260 symc810 - ok
20:16:52.0015 2260 symc8xx - ok
20:16:52.0062 2260 sym_hi - ok
20:16:52.0093 2260 sym_u3 - ok
20:16:52.0171 2260 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:16:52.0390 2260 sysaudio - ok
20:16:52.0453 2260 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:16:52.0640 2260 SysmonLog - ok
20:16:52.0734 2260 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:16:52.0968 2260 TapiSrv - ok
20:16:53.0046 2260 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:16:53.0093 2260 Tcpip - ok
20:16:53.0171 2260 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:16:53.0343 2260 TDPIPE - ok
20:16:53.0375 2260 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:16:53.0562 2260 TDTCP - ok
20:16:53.0593 2260 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:16:53.0781 2260 TermDD - ok
20:16:53.0875 2260 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
20:16:54.0046 2260 TermService - ok
20:16:54.0093 2260 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:16:54.0125 2260 Themes - ok
20:16:54.0156 2260 TosIde - ok
20:16:54.0234 2260 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:16:54.0421 2260 TrkWks - ok
20:16:54.0531 2260 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:16:54.0703 2260 Udfs - ok
20:16:54.0750 2260 ultra - ok
20:16:54.0828 2260 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
20:16:54.0921 2260 UMWdf - ok
20:16:55.0000 2260 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:16:55.0218 2260 Update - ok
20:16:55.0296 2260 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:16:55.0437 2260 upnphost - ok
20:16:55.0468 2260 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
20:16:55.0671 2260 UPS - ok
20:16:55.0750 2260 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:16:55.0937 2260 usbaudio - ok
20:16:56.0046 2260 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:16:56.0234 2260 usbccgp - ok
20:16:56.0281 2260 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:16:56.0468 2260 usbehci - ok
20:16:56.0500 2260 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:16:56.0687 2260 usbhub - ok
20:16:56.0765 2260 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:16:56.0937 2260 usbprint - ok
20:16:56.0968 2260 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:16:57.0187 2260 usbscan - ok
20:16:57.0218 2260 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:16:57.0406 2260 USBSTOR - ok
20:16:57.0453 2260 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:16:57.0625 2260 usbuhci - ok
20:16:57.0703 2260 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:16:57.0906 2260 VgaSave - ok
20:16:57.0968 2260 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:16:58.0125 2260 viaagp - ok
20:16:58.0171 2260 [ F76EA9AE8D32EC50159795D29674465E ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:16:58.0250 2260 viaagp1 - ok
20:16:58.0328 2260 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:16:58.0515 2260 ViaIde - ok
20:16:58.0593 2260 [ 4D1F307CEC72CEF24602D7ECACD8D6CF ] VIAudio C:\WINDOWS\system32\drivers\viaudio.sys
20:16:58.0671 2260 VIAudio - ok
20:16:58.0750 2260 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:16:58.0937 2260 VolSnap - ok
20:16:59.0031 2260 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
20:16:59.0156 2260 VSS - ok
20:16:59.0296 2260 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll
20:16:59.0468 2260 W32Time - ok
20:16:59.0593 2260 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:16:59.0781 2260 Wanarp - ok
20:16:59.0796 2260 wanatw - ok
20:16:59.0828 2260 WDICA - ok
20:16:59.0906 2260 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:17:00.0078 2260 wdmaud - ok
20:17:00.0140 2260 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:17:00.0359 2260 WebClient - ok
20:17:00.0546 2260 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:17:00.0750 2260 winmgmt - ok
20:17:00.0875 2260 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:17:00.0968 2260 WmdmPmSN - ok
20:17:01.0062 2260 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:17:01.0234 2260 WmiApSrv - ok
20:17:01.0390 2260 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:17:01.0468 2260 WPFFontCache_v0400 - ok
20:17:01.0531 2260 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:17:01.0703 2260 WS2IFSL - ok
20:17:01.0781 2260 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:17:01.0984 2260 wscsvc - ok
20:17:02.0046 2260 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:17:02.0250 2260 wuauserv - ok
20:17:02.0359 2260 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:17:02.0625 2260 WZCSVC - ok
20:17:02.0703 2260 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:17:02.0921 2260 xmlprov - ok
20:17:02.0937 2260 ================ Scan global ===============================
20:17:03.0000 2260 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:17:03.0062 2260 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:17:03.0109 2260 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:17:03.0156 2260 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:17:03.0156 2260 [Global] - ok
20:17:03.0171 2260 ================ Scan MBR ==================================
20:17:03.0218 2260 [ D70E003772426DE74EB7664C570343CB ] \Device\Harddisk0\DR0
20:17:03.0640 2260 \Device\Harddisk0\DR0 - ok
20:17:03.0656 2260 ================ Scan VBR ==================================
20:17:03.0703 2260 [ 2340AE0FB6F22904425EF81DBFC4837E ] \Device\Harddisk0\DR0\Partition1
20:17:03.0703 2260 \Device\Harddisk0\DR0\Partition1 - ok
20:17:03.0718 2260 ============================================================
20:17:03.0718 2260 Scan finished
20:17:03.0718 2260 ============================================================
20:17:03.0875 3616 Detected object count: 4
20:17:03.0875 3616 Actual detected object count: 4
20:17:26.0390 3616 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:26.0390 3616 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:26.0390 3616 nsysaudm ( LockedFile.Multi.Generic ) - skipped by user
20:17:26.0390 3616 nsysaudm ( LockedFile.Multi.Generic ) - User select action: Skip
20:17:26.0406 3616 SSHDRV84 ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:26.0406 3616 SSHDRV84 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:26.0406 3616 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:26.0406 3616 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
07.01.2013, 20:23
| #11 | |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.01.2013, 22:40
| #12 |
| | GVU auf Windows XP / abgesicherter Modus startet nicht ComboFix lief mit Neustart durch: Code:
ATTFilter ComboFix 13-01-06.01 - Dieter 07.01.2013 22:12:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.767.482 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Dieter\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\Dieter\WINDOWS
c:\dokumente und einstellungen\Helga\WINDOWS
c:\windows\_iserr31.ini
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASAPI
-------\Service_Asapi
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-07 bis 2013-01-07 ))))))))))))))))))))))))))))))
.
.
2013-01-05 22:12 . 2013-01-06 22:12 -------- d-----w- C:\_OTL
2012-12-15 17:54 . 2012-12-15 17:54 -------- d-----w- c:\dokumente und einstellungen\Dieter\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2012-12-11 00:33 . 2012-12-11 00:33 -------- d-----w- c:\dokumente und einstellungen\Dieter\.jivex
2012-12-10 23:38 . 2012-12-10 23:39 -------- d-----w- c:\dokumente und einstellungen\Dieter\tmpjex1
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2003-04-30 15:55 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2003-04-30 15:55 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2003-04-30 08:07 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-11-11 18:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2003-04-30 15:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2003-04-30 15:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 07:42 385024 ------w- c:\windows\system32\html.iec
2003-04-02 06:09 . 2003-04-02 06:09 405504 ----a-w- c:\programme\gtermddo.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-04-04 5156128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380928]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"nwiz"="nwiz.exe" [2003-04-02 323584]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2011-03-22 155648]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2003-11-25 151597]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-02-16 282624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-28 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Desktop Application Director 9.LNK - c:\programme\Corel\WordPerfect Office 2000\programs\dad9.exe [2003-4-30 225280]
hp psc 1000 series.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-9-16 196608]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\KEM.exe [2011-9-16 573440]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-w- c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.08.2012 19:57 36000]
R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [18.10.2004 13:55 76800]
R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [28.08.2012 19:57 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.08.2012 19:58 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [28.08.2012 19:57 465360]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
2012-12-15 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4355595189.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-27 09:47]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-27 09:47]
.
2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{0A7B626A-BF2D-4691-B49F-6B535575183A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LDM - c:\programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE
HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
MSConfigStartUp-{0CE3651A-C78A-4911-7A0C-C977D8CAAF97} - c:\dokumente und einstellungen\Dieter\Anwendungsdaten\Eqx\liugad.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PRINT FIT - Das große CD-Druck Paket - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-07 22:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,a7,e9,c9,83,b5,a3,47,a1,bf,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,a7,e9,c9,83,b5,a3,47,a1,bf,cf,\
.
[HKEY_USERS\S-1-5-21-2231320169-86855034-4251418335-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2231320169-86855034-4251418335-1006\Software\SecuROM\License information*]
"datasecu"=hex:69,fd,3f,d9,88,ad,69,06,c7,62,d5,64,89,a7,4c,29,13,fa,1d,8f,12,
98,34,72,97,2c,f4,6d,fc,49,ee,12,b9,3f,4f,0a,44,a0,50,cd,04,3f,65,2e,e1,fb,\
"rkeysecu"=hex:b3,11,10,fd,ee,a1,e3,3b,4d,78,c2,b2,ea,db,2d,f2
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3900)
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Logitech\SetPoint\KHALMNPR.EXE
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-07 22:41:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-07 21:41
.
Vor Suchlauf: 14 Verzeichnis(se), 19.374.804.992 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 19.606.888.448 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 22A29E864C2508A87C8739AE423E7E4F
|
|
08.01.2013, 18:06
| #13 |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.01.2013, 23:29
| #14 |
| | GVU auf Windows XP / abgesicherter Modus startet nicht Hi, hat lange gedauert, Funde gab's keine: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.08.12 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Dieter :: COMPUTER [Administrator] 08.01.2013 21:02:12 mbam-log-2013-01-08 (21-02-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 340834 Laufzeit: 2 Stunde(n), 17 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
08.01.2013, 23:34
| #15 |
| /// Malware-holic | GVU auf Windows XP / abgesicherter Modus startet nicht Hi lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert ist, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU auf Windows XP / abgesicherter Modus startet nicht |
| abgesicherter modus startet nicht, administrator, avira, bho, cdburnerxp, desktop, dllcache, einstellungen, explorer, format, homepage, logfile, nvidia, opera, plug-in, registry, server, software, symantec, system, tr/tobfy.g.75, trojaner, windows, windows xp, winlogon |
Linear-Darstellung
