
Pests of all kinds and how to fight them: GVU Trojan

Windows 7. If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

28.02.2013, 04:35   #1
christoph999
 
GVU Trojan


Hi,

my girlfriend's computer caught the GVU Trojan. I will probably be the guilty one, so I am asking for sympathy and quick help xD. The Trojan also blocks Safe Mode, because the machine shuts down again right after Safe Mode starts. I wanted to boot OTLPENet.exe from CD (following the hint in http://www.trojaner-board.de/129849-...r-starten.html). But when WinXP starts, a blue screen appears, and now I cannot get to an otl.log, which I would gladly have presented to you.

Thanks in advance.

28.02.2013, 09:32   #2
cosinus
 
GVU Trojan


Hello,

Quote:
But when WinXP starts, a blue screen appears
Go into your computer's BIOS and switch the disk controller from AHCI to IDE or Compatible. More precise instructions cannot be posted, since almost every BIOS looks different. If necessary, check the manual.

To be able to boot the installed Windows again, you will of course have to switch back to AHCI.

28.02.2013, 11:39   #3
christoph999
 
GVU Trojan


Code:
OTL logfile created on: 2/28/2013 11:28:34 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 9.96 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 204.03 Gb Total Space | 164.54 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.45 Gb Free Space | 88.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV:64bit: - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (lxct_device) -- C:\Windows\SysWow64\lxctcoms.exe ( )
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\System32\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\System32\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys ()
DRV:64bit: - (athr) -- C:\Windows\System32\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (CVirtA) -- C:\Windows\System32\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV:64bit: - (Ntfs) -- C:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\System32\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (DNE) -- C:\Windows\System32\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Krissi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Krissi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Search Safer"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/02/13 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 04:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/05 14:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\Mozilla\Extensions
[2013/02/17 18:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\extensions
[2011/12/19 05:39:51 | 000,000,933 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\11-suche.xml
[2011/12/19 05:39:51 | 000,002,419 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 05:39:51 | 000,010,525 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\gmx-suche.xml
[2011/12/19 05:39:51 | 000,002,457 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\lastminute.xml
[2012/01/06 18:16:10 | 000,002,203 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\MyStart Search.xml
[2012/09/22 11:01:35 | 000,000,642 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\search-safer.xml
[2012/08/04 16:27:27 | 000,002,062 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\softonic.xml
[2011/12/19 05:39:51 | 000,005,508 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\webde-suche.xml
[2013/01/28 05:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
[2013/02/13 12:37:01 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2013/02/21 04:02:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 19:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/12 09:39:47 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/16 19:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/16 19:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/16 19:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/16 19:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/16 19:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files (x86)\Internet Explorer\IEAddon.dll (APC)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Krissi_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\x64\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\Krissi_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Krissi_ON_C..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Krissi_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Krissi_ON_C Winlogon: Shell - (C:\Users\Krissi\AppData\Roaming\skype.dat) - C:\Users\Krissi\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{64255835-f41e-11e0-86f4-20cf30569eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{64255835-f41e-11e0-86f4-20cf30569eb6}\Shell\AutoRun\command - "" = I:\Launch.exe
O33 - MountPoints2\{8b345790-c44d-11e0-8f28-20cf30569eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{8b345790-c44d-11e0-8f28-20cf30569eb6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 15:06:18 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Gimp Beispiele
[2013/02/26 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\fontconfig
[2013/02/26 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\gegl-0.2
[2013/02/26 14:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/02/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Programs
[2013/02/26 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Documents\gegl-0.0
[2013/02/24 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Märzseminar
[2013/02/24 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Offene Kinder- und Jugendarbeit
[2013/02/14 11:27:33 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Roaming\Apple Computer
[2013/02/14 11:27:33 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Apple Computer
[2013/02/14 11:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/14 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/14 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Apple
[2013/02/14 11:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/14 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/14 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/14 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/14 11:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/02/14 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/14 06:43:25 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2013/02/13 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/02/13 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/01/29 12:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013/01/29 12:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013/01/29 12:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2011/10/03 09:49:55 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctserv.dll
[2011/10/03 09:49:55 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctusb1.dll
[2011/10/03 09:49:55 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcthbn3.dll
[2011/10/03 09:49:55 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomc.dll
[2011/10/03 09:49:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpmui.dll
[2011/10/03 09:49:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctlmpm.dll
[2011/10/03 09:49:55 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcoms.exe
[2011/10/03 09:49:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomm.dll
[2011/10/03 09:49:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctinpa.dll
[2011/10/03 09:49:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctiesc.dll
[2011/10/03 09:49:55 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctih.exe
[2011/10/03 09:49:55 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcfg.exe
[2011/10/03 09:49:55 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctppls.exe
[2011/10/03 09:49:55 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctprox.dll
[2011/10/03 09:49:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpplc.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Krissi\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Krissi\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Krissi\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Krissi\AppData\Local\bass.dll
[2 C:\Users\Krissi\Desktop\*.tmp files -> C:\Users\Krissi\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/28 04:22:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 04:22:05 | 000,000,004 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\skype.ini
[2013/02/28 04:20:08 | 3018,039,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 20:22:48 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 20:22:48 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 20:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 14:32:49 | 000,007,682 | ---- | M] () -- C:\Users\Krissi\AppData\Local\recently-used.xbel
[2013/02/27 14:00:41 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 14:00:41 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 12:26:21 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/27 12:26:21 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/27 12:26:21 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/27 12:26:21 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/26 14:19:08 | 000,000,894 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/14 11:33:38 | 000,001,472 | ---- | M] () -- C:\Users\Krissi\AppData\Local\RecConfig.xml
[2013/02/14 11:27:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/14 11:26:07 | 000,002,519 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/02/13 12:37:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/01/29 12:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2 C:\Users\Krissi\Desktop\*.tmp files -> C:\Users\Krissi\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/27 20:15:46 | 000,000,004 | ---- | C] () -- C:\Users\Krissi\AppData\Roaming\skype.ini
[2013/02/27 14:32:49 | 000,007,682 | ---- | C] () -- C:\Users\Krissi\AppData\Local\recently-used.xbel
[2013/02/26 14:19:08 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/14 11:33:38 | 000,001,472 | ---- | C] () -- C:\Users\Krissi\AppData\Local\RecConfig.xml
[2013/02/14 11:26:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/11 11:31:02 | 000,000,890 | ---- | C] () -- C:\Users\Krissi\AppData\Roaming\psppirerc
[2012/07/25 08:13:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/25 08:13:23 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/12 14:06:52 | 000,000,017 | ---- | C] () -- C:\Users\Krissi\AppData\Local\resmon.resmoncfg
[2012/05/08 07:20:19 | 000,000,521 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/19 14:22:40 | 000,007,168 | ---- | C] () -- C:\Users\Krissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/10/03 09:49:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCTinst.dll
[2011/08/13 05:17:10 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 07:24:45 | 000,087,040 | -HS- | C] () -- C:\Users\Krissi\AppData\Roaming\skype.dat
[2011/03/09 14:20:38 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/08 09:00:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/08 08:46:15 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/02/09 02:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2010/02/09 02:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/10/25 22:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Krissi\AppData\Local\lame_enc.dll
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Krissi\AppData\Local\ogg.dll
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Krissi\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011/10/03 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\5400 Series
[2012/12/24 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Augentraining 2
[2012/10/12 09:39:38 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Babylon
[2011/08/11 15:48:26 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DAEMON Tools Lite
[2012/05/31 10:16:46 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Downloaded Installations
[2012/12/24 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Dr. Tool Mathe
[2012/11/27 08:29:22 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Dropbox
[2013/02/13 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DVDVideoSoft
[2011/08/07 09:00:44 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/25 09:37:22 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Epson
[2012/05/31 10:20:03 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\FileOpen
[2012/11/27 08:30:18 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\FreeScreenToVideo
[2012/10/21 05:13:37 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Funlinker
[2012/12/24 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Gehirnsport Extra
[2012/11/27 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\GrassGames
[2012/05/22 08:02:45 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\gtk-2.0
[2012/12/13 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\IE Addon
[2012/12/28 04:41:02 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Nitro PDF
[2013/02/13 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\OpenCandy
[2012/03/08 06:16:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\PixelPlanet
[2012/10/27 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Settlement. Colossus
[2012/01/13 08:49:27 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\SoftGrid Client
[2011/08/13 05:17:51 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\TP
[2012/09/26 16:22:06 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\TuneUp Software
[2013/02/14 11:27:27 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/10/03 09:50:13 | 000,000,000 | ---D | M] -- C:\ProgramData\5400 Series
[2012/10/27 12:43:12 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/06/15 17:49:22 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2012/10/12 09:39:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/07/12 14:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish Games
[2012/09/26 16:21:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011/08/11 15:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/25 09:23:06 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2012/04/14 05:51:45 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy_Rome
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/31 10:20:03 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen
[2011/08/05 08:03:06 | 000,000,000 | ---D | M] -- C:\ProgramData\GoBoingo
[2012/08/04 15:48:59 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallBrainService
[2012/08/04 16:27:40 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2012/04/14 05:51:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2012/05/31 10:19:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2011/08/05 08:26:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2012/03/08 06:14:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PixelPlanet
[2013/01/29 12:54:04 | 000,000,000 | ---D | M] -- C:\ProgramData\PMS
[2012/07/25 08:16:25 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2013/01/08 12:37:55 | 000,000,000 | ---D | M] -- C:\ProgramData\SevenOne
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/10/23 17:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/01/12 10:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/09/26 16:22:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/05/25 09:27:10 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2011/08/14 14:42:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2012/09/26 16:21:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/21 03:58:29 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Code:
OTL Extras logfile created on: 2/28/2013 11:28:34 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 9.96 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 204.03 Gb Total Space | 164.54 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.45 Gb Free Space | 88.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B6D5A1D7-6E4B-7FE0-790E-864A77AFD773}" = ccc-utility64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"GIMP-2_is1" = GIMP 2.8.4
"Lexmark 5400 Series" = Lexmark 5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B6D5A1D7-6E4B-7FE0-790E-864A77AFD773}" = ccc-utility64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"GIMP-2_is1" = GIMP 2.8.4
"Lexmark 5400 Series" = Lexmark 5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
< End of report >
         

28.02.2013, 11:47   #4
cosinus

Tell me, where does the MS Office 2010 installed on your machine actually come from?
__________________
Please always post logfiles in CODE tags

28.02.2013, 11:49   #5
christoph999

An original CD, actually, but it could also have been activated later with a keylogger.


28.02.2013, 11:57   #6
cosinus

You mean with a crack, I suppose, and I think so too.

Quote:
[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we will end the support without any discussion.

Cracks/keygens are 99.9% dangerous malware that you should not mess around with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and should be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
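The two files cosinus quotes are easy to miss in an OTL listing several hundred lines long. The following Python script is an added example, not OTL's code and not part of any post: it parses the `[date time | size | attrs | C/M] (company) -- path` lines exactly as OTL prints them above and attaches review hints to each path. The crack rule is the one stated in this post (KMService.exe together with srvany.exe); the PUP folder names, the Windows-root rule and the GUID-folder rule are the editor's own assumptions, and the sample lines are copied from the log above. The hints are prompts for a human to look, not malware verdicts.

```python
"""Triage OTL file/folder lines for the indicators raised in this thread.

Added example, not OTL code and not part of any post. The sample lines are
copied from the OTL log above; the indicator rules are editor heuristics
(assumptions, marked below) and yield review hints, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL listing line ("Files/Folders Created", "LOP Check"):
#   [date time | size | attrs | C|M] (company) -- path    file line
#   [date time | size | attrs | M] -- path                folder line, no company
LINE_RE = re.compile(
    r"^\[(?P<date>\S+) (?P<time>\S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) "
    r"\| (?P<flag>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")

# Thread rule (cosinus, posts #6 and #8): KMService.exe plus srvany.exe in the
# Windows tree is the footprint of a KMS-style Office activation crack.
CRACK_FILES = {"kmservice.exe", "srvany.exe"}
# Assumption: editor-curated ad-bundler / PUP folder names seen in the LOP check.
PUP_FOLDERS = {"opencandy", "installbrainservice", "babylon", "funlinker"}
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    company: Optional[str]  # None on folder lines, "" when OTL printed "()"
    path: str
    is_dir: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                 m["company"], m["path"], "D" in m["attrs"])


def triage(entry: Entry) -> List[str]:
    """Review hints that apply to one entry (empty list = nothing to say)."""
    hints: List[str] = []
    parent, _, name = entry.path.lower().rpartition("\\")
    is_binary = not entry.is_dir and name.endswith(BINARY_EXT)
    if name in CRACK_FILES:
        hints.append("crack-indicator")
    # Binaries dropped straight into %SystemRoot% with no company in their
    # version info are rare for legitimate software.
    if is_binary and entry.company == "" and parent == r"c:\windows":
        hints.append("no-company-in-windows-root")
    # Loose EXE/DLL files under a profile bypass Program Files; often harmless
    # codecs (as here), but always worth listing.
    if is_binary and "\\appdata\\" in parent:
        hints.append("binary-in-user-profile")
    if entry.is_dir and name in PUP_FOLDERS:
        hints.append("known-pup-folder")
    # A bare GUID as a ProgramData folder name hides which product owns it.
    if entry.is_dir and GUID_RE.match(name):
        hints.append("guid-named-folder")
    return hints


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its hints; clean and unparsable lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and (hints := triage(entry)):
            flagged[entry.path] = hints
    return flagged


# Constructed sample: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Krissi\AppData\Local\lame_enc.dll
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2013/02/13 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\OpenCandy
[2012/08/04 15:48:59 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallBrainService
[2013/02/14 11:27:27 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
"""

if __name__ == "__main__":
    for path, hints in triage_log(SAMPLE_LOG).items():
        print(f"{', '.join(hints):45s} {path}")
```

To run it over a real case, read the saved OTL.txt into a string and pass it to triage_log(); the regex ignores the section headers and the registry and service blocks, so the whole file can go in unchanged. The webcam .ini in C:\Windows and the ProgramData\Desktop junction come out clean, which is the point of keeping the rules narrow: a triage script that flags half the listing is no help to the person reading it.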

28.02.2013, 12:05   #7
christoph999

It has been on there for ages. But my father had bought 3 original keys. I have one, my father has one and someone else has one. Then I installed my girlfriend's computer with the CD, because I use it as a second computer, and surely I don't need another licence for that when practically only I use it and I have a valid licence.

28.02.2013, 12:13   #8
cosinus

But kmservice/srvany is linked to cracked Office....

28.02.2013, 12:15   #9
christoph999

True, but my only intention was to get the thing running on my second computer. You don't need a new licence for a second computer, do you? If you do, it comes off as well and I'll buy another one.

28.02.2013, 12:35   #10
cosinus

Quote:
You don't need a new licence for a second computer, do you?
You need a licence for EVERY installation!
I think you know that yourself, otherwise you would not have been messing around with some stupid cracks.

In any case, from now on there is only help with backing up data and reinstalling Windows.

28.02.2013, 12:37   #11
christoph999

Well, fine, no way around it, then I have to reinstall. I had a look at the guide. How do I know whether my USB stick is bootable? And how am I supposed to back up the data when I cannot even get the computer to start?

28.02.2013, 12:39   #12
cosinus

Quote:
How do I know whether my USB stick is bootable?
By trying it?
Why don't you simply boot from a Linux live CD to back up the data?

28.02.2013, 12:46   #13
christoph999

I had created two participations. Is it advisable to wipe the one with the data as well, or can I reinstall and keep the data participation?

Do you have a guide for creating a Linux live CD?

28.02.2013, 13:29   #14
cosinus

Quote:
I had created two participations. Is it advisable to wipe the one with the data as well, or can I reinstall and keep the data participation?
Note: it is called partition, not participation

You should wipe everything completely. Back up all data first, then dissolving and recreating the partitions on your internal disk is no problem either.

Quote:
Do you have a guide for creating a Linux live CD?
Google broken?
Sorry, no offence meant, have a look here => Ubuntu-CD
It is an example for Ubuntu, but that is irrelevant; in principle burning an ISO image is always the same, whether it is called ubuntu.iso or christoph999.iso
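The question raised earlier, how to tell whether a stick or ISO image will boot before rebooting the infected machine from it, has an offline answer beyond "try it". The following Python script is an added example, not part of any post in this thread: it reads the two markers a legacy BIOS boot depends on, the 0x55AA signature in the last two bytes of sector 0 and the ISO 9660 "CD001" descriptor at offset 0x8001, and streams the image through SHA-256 to compare it with the checksum the distribution publishes. The sample images are constructed in memory; the file path and the published hash are placeholders.

```python
"""Check an image file (or a block device) for the markers a legacy BIOS boot
needs, before rebooting the infected machine from it.

Added example, not from the forum thread. Two offline checks: the 0x55AA MBR
boot signature at byte 510 (required to boot a USB stick in BIOS mode) and the
ISO 9660 "CD001" descriptor at byte 0x8001 (an optical-disc image; hybrid ISOs
meant for USB carry both), plus a SHA-256 comparison against the checksum the
distributor publishes. Paths and the published hash are placeholders; the
sample images are constructed in memory.
"""
import hashlib
import io
from typing import BinaryIO, Dict

MBR_SIG_OFFSET = 510          # last two bytes of sector 0
MBR_SIGNATURE = b"\x55\xAA"
ISO_PVD_OFFSET = 0x8001       # 16 system-area sectors * 2048 + 1-byte type field
ISO_MAGIC = b"CD001"


def has_mbr_signature(f: BinaryIO) -> bool:
    f.seek(MBR_SIG_OFFSET)
    return f.read(2) == MBR_SIGNATURE


def has_iso9660_descriptor(f: BinaryIO) -> bool:
    f.seek(ISO_PVD_OFFSET)
    return f.read(5) == ISO_MAGIC


def classify(f: BinaryIO) -> str:
    """Plain-language verdict from the two markers."""
    mbr, iso = has_mbr_signature(f), has_iso9660_descriptor(f)
    if mbr and iso:
        return "hybrid ISO: bootable from USB stick and optical disc"
    if iso:
        return "plain ISO 9660: burn to disc; written raw to a stick it will not BIOS-boot"
    if mbr:
        return "MBR boot signature: stick or disk image, BIOS can boot it"
    return "no boot marker found"


def sha256_matches(f: BinaryIO, published_hex: str, chunk: int = 1 << 20) -> bool:
    """Stream the whole image through SHA-256 and compare with the published sum."""
    f.seek(0)
    h = hashlib.sha256()
    while block := f.read(chunk):
        h.update(block)
    return h.hexdigest() == published_hex.strip().lower()


def analyze_bytes(data: bytes, published_hex: str = "") -> Dict[str, object]:
    """Run all checks on an in-memory image (used by the constructed samples)."""
    f = io.BytesIO(data)
    return {
        "mbr": has_mbr_signature(f),
        "iso9660": has_iso9660_descriptor(f),
        "verdict": classify(f),
        "checksum_ok": sha256_matches(f, published_hex) if published_hex else None,
    }


def make_sample(mbr: bool, iso: bool) -> bytes:
    """Constructed test image: zeros with only the requested markers set."""
    buf = bytearray(ISO_PVD_OFFSET + len(ISO_MAGIC))
    if mbr:
        buf[MBR_SIG_OFFSET:MBR_SIG_OFFSET + 2] = MBR_SIGNATURE
    if iso:
        buf[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    return bytes(buf)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # e.g. ubuntu.iso or the stick's device node
        with open(sys.argv[1], "rb") as fh:   # opened read-only on purpose
            print(classify(fh))
    else:
        for flags in ((True, True), (False, True), (True, False), (False, False)):
            print(flags, analyze_bytes(make_sample(*flags))["verdict"])
```

Point it at the downloaded ISO first (a hybrid image shows both markers), then, read-only, at the stick's device node after writing it; if the stick shows no MBR signature, the write did not land on the raw device. The check covers BIOS-mode boot only: UEFI-only media need an EFI System Partition with \EFI\BOOT\BOOTX64.EFI, which this script does not look for.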

28.02.2013, 14:31   #15
christoph999

XD participations, that dangerous half-knowledge...

I have now booted via Ret... something X-PE, since it did not recognise the Puppy Linux (or whatever it is called) and Parted Magic. Data backed up so far. You have seen the log. Is it necessary to block online banking etc.?
