| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weisser Bildschirm nach hochfahren von WIN XPWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.06.2013, 18:01
| #1 |
| |  Weisser Bildschirm nach hochfahren von WIN XP Hallo, ich habe einen Notebook, der nur noch weissen Bildschirm zeigt. Momentan arbeite ich mit meinem Desktop PC, der i.O. ist. Gehe mal davon aus, ich habe mir da was eingefangen. Im gesicherten Modus läßt er sich hochfahren. Dateiexplorer funktioniert. Internet geht nicht. Was kann ich tun ? Habe hier gelesen mit OTL exe einen Scan machen. Aber wie gehts weiter? Grüße Wolfi |
|
12.06.2013, 18:03
| #2 | |
| /// TB-Ausbilder   | Weisser Bildschirm nach hochfahren von WIN XP Hallo Wolfi,
__________________Zitat:
(Die Logfiles bitte nicht anhängen (das erschwert mir das Auswerten massiv), sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)
__________________ |
|
12.06.2013, 18:12
| #3 |
| | Weisser Bildschirm nach hochfahren von WIN XP Mit dem Begriff codetags kann ich noch nichts anfangen.
__________________Reichen die nachfolgenden Daten aus OTL.text und extras.txt?OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.06.2013 16:51:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,16 Mb Total Physical Memory | 743,19 Mb Available Physical Memory | 83,12% Memory free 2,12 Gb Paging File | 2,07 Gb Available in Paging File | 97,49% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 58,09 Gb Free Space | 77,94% Space Free | Partition Type: NTFS Drive E: | 978,28 Mb Total Space | 905,38 Mb Free Space | 92,55% Space Free | Partition Type: FAT Computer Name: WB-26DF723BDE8F | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 16:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe /SERVICE -- (InstallBrainService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 16:07:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.10 12:14:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.23 20:50:26 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.07.27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.05.18 16:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) [Auto | Stopped] -- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- (odClientService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.12.07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.12.07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.12.07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.12.07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.01.25 15:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005.05.18 13:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4) DRV - [2005.05.05 02:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.04.05 21:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.25 14:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005.02.16 16:47:14 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004.12.15 14:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2004.12.15 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.12.15 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004.12.02 15:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.06.10 12:14:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.15 14:20:39 | 000,000,000 | ---D | M] [2012.11.05 10:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.01 16:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.05 10:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.06.10 12:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.10 12:14:38 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2012.08.26 09:33:29 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Programme\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [OdTray.exe] C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.) O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Programme\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader [2011.03.15 10:04:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2010 Zahlungserinnerung.lnk = C:\Programme\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\OdysseyClient: DllName - (odyEvent.dll) - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.19 11:32:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.12 16:31:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.12 16:24:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.06.12 16:23:00 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.06.12 16:19:39 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013.06.12 16:07:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.12 16:07:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.06.12 16:07:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.06.12 11:34:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.12 10:51:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.18 00:00:46 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.17 10:21:03 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 10:17:08 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.16 10:17:08 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.16 10:17:08 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.16 10:17:08 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 12:08:13 | 000,002,478 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2012.07.16 19:38:59 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad [2012.02.16 11:56:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.06 21:46:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2011.09.06 21:46:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2011.08.27 20:32:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2011.08.27 20:32:18 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini ========== ZeroAccess Check ========== [2010.08.19 11:34:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 234 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:527B6DAD < End of report > Hier die Daten aus extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.06.2013 16:51:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894,16 Mb Total Physical Memory | 743,19 Mb Available Physical Memory | 83,12% Memory free
2,12 Gb Paging File | 2,07 Gb Available in Paging File | 97,49% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 58,09 Gb Free Space | 77,94% Space Free | Partition Type: NTFS
Drive E: | 978,28 Mb Total Space | 905,38 Mb Free Space | 92,55% Space Free | Partition Type: FAT
Computer Name: WB-26DF723BDE8F | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1093648B-1375-44BC-BC5E-39BF977D53FA}" = Nuance PDF Professional 6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5
"{4DDEADA8-25B8-41CB-9989-8F16D50A8E9C}" = OMNIKEY 3x21 PC/SC Driver
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}" = Quicken Import Export Server 2010
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF34076-9CEE-F248-013C-D4106793C723}" = Allianz Prozesskostenrechner Premium
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.4
"{DC05B0C0-F70E-4E89-BDD8-0DB271F1119D}" = Brother HL-2140
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFE315FB-CCE1-4678-87E1-77BF62D49301}" = Odyssey Client for Fujitsu Siemens Computers
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BESA" = BESA
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_10921734" = SoftV90 Data Fax Modem with SmartCP
"com.pentos.air.allianzprozesskostenrechner.A768EEE467BE29480AA1493403DB72DCDA84E8C8.1" = Allianz Prozesskostenrechner Premium
"ie8" = Windows Internet Explorer 8
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.09.2012 05:46:30 | Computer Name = WB-26DF723BDE8F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 28.12.2012 02:32:19 | Computer Name = WB-26DF723BDE8F | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 16.01.2013 12:40:28 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/01/16 17:40:28.328]: [00001436]: Loading WtsapiDll
is Failed !!!!!
Error - 19.03.2013 14:13:20 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/03/19 19:13:08.859]: [00002124]: Loading WtsapiDll
is Failed !!!!!
Error - 17.04.2013 16:06:20 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/04/17 22:06:20.703]: [00001808]: Loading WtsapiDll
is Failed !!!!!
Error - 22.05.2013 11:49:07 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/05/22 17:49:07.984]: [00000536]: Loading WtsapiDll
is Failed !!!!!
Error - 24.05.2013 06:46:52 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/05/24 12:46:42.046]: [00002528]: Loading WtsapiDll
is Failed !!!!!
Error - 03.06.2013 13:08:55 | Computer Name = WB-26DF723BDE8F | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/06/03 19:08:55.609]: [00002652]: Loading WtsapiDll
is Failed !!!!!
Error - 06.06.2013 09:25:40 | Computer Name = WB-26DF723BDE8F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 06.06.2013 09:25:41 | Computer Name = WB-26DF723BDE8F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
[ System Events ]
Error - 12.06.2013 10:19:26 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "InstallBrain Updater Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 12.06.2013 10:32:38 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 12.06.2013 10:32:38 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 12.06.2013 10:32:38 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 12.06.2013 10:32:38 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 12.06.2013 10:32:38 | Computer Name = WB-26DF723BDE8F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdK8 avipbb avkmgr Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Error - 12.06.2013 10:36:55 | Computer Name = WB-26DF723BDE8F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12.06.2013 10:36:56 | Computer Name = WB-26DF723BDE8F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 12.06.2013 10:37:39 | Computer Name = WB-26DF723BDE8F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 12.06.2013 10:49:09 | Computer Name = WB-26DF723BDE8F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
12.06.2013, 18:19
| #4 |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Hallo, da seh ich wohl zu wenig in diesem Log. Kannst du den OTL-Scan bitte wie folgt wiederholen: Starte bitte die OTL.exe.
__________________ cheers, Leo |
|
12.06.2013, 18:44
| #5 |
| | Weisser Bildschirm nach hochfahren von WIN XP So hier der neue Inhalt.OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.06.2013 19:37:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,16 Mb Total Physical Memory | 628,35 Mb Available Physical Memory | 70,27% Memory free 2,12 Gb Paging File | 1,98 Gb Available in Paging File | 93,31% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 58,06 Gb Free Space | 77,91% Space Free | Partition Type: NTFS Drive E: | 978,28 Mb Total Space | 895,98 Mb Free Space | 91,59% Space Free | Partition Type: FAT Computer Name: WB-26DF723BDE8F | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 16:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2009.12.01 11:50:04 | 015,942,936 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Lexware\Quicken\2010\QW.EXE PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 10:24:19 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll MOD - [2013.05.16 10:16:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013.01.12 17:30:19 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll MOD - [2013.01.12 17:25:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.12 17:24:26 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.12 17:23:43 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll MOD - [2013.01.12 17:20:20 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.12 17:19:22 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe /SERVICE -- (InstallBrainService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 16:07:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.10 12:14:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.23 20:50:26 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.07.27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.05.18 16:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) [Auto | Stopped] -- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- (odClientService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.12.07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.12.07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.12.07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.12.07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.01.25 15:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005.05.18 13:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4) DRV - [2005.05.05 02:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.04.05 21:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.25 14:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005.02.16 16:47:14 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004.12.15 14:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2004.12.15 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.12.15 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004.12.02 15:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-1960408961-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.06.10 12:14:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.15 14:20:39 | 000,000,000 | ---D | M] [2013.06.12 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.11.05 10:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.01 16:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.05 10:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.06.10 12:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.10 12:14:38 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2012.08.26 09:33:29 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Programme\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [OdTray.exe] C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.) O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Programme\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader [2011.03.15 10:04:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2010 Zahlungserinnerung.lnk = C:\Programme\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG) O4 - Startup: C:\Dokumente und Einstellungen\WB\Startmenü\Programme\Autostart\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-1960408961-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\OdysseyClient: DllName - (odyEvent.dll) - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.19 11:32:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 19:40:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2013.06.12 19:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon [2013.06.12 18:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign [2013.06.12 18:38:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla [2013.06.12 18:38:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2013.06.12 18:01:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2013.06.12 18:00:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.12 16:31:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.12 16:24:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.06.12 16:23:00 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.06.12 16:19:39 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013.06.12 16:07:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.12 11:34:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.12 10:51:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.17 10:21:03 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 10:17:08 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.16 10:17:08 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.16 10:17:08 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.16 10:17:08 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 12:08:13 | 000,002,478 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2012.07.16 19:38:59 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad [2012.02.16 11:56:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.06 21:46:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2011.09.06 21:46:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2011.08.27 20:32:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2011.08.27 20:32:18 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini ========== ZeroAccess Check ========== [2010.08.19 11:34:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.06.12 18:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign [2013.06.12 19:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon [2012.11.05 10:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2012.08.26 09:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.09.12 11:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallBrainService [2010.08.23 18:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.09.06 12:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX [2010.08.19 19:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance [2011.09.06 22:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.22 19:30:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.02.09 23:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2013.06.12 16:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.08.19 19:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zeon [2010.08.23 16:33:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Nuance [2013.01.02 14:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\AskToolbar [2012.08.26 09:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Babylon [2012.08.26 09:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\BabylonToolbar [2010.08.23 18:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\DataDesign [2013.06.12 16:20:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Dropbox [2010.08.29 16:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\GetRightToGo [2010.09.15 08:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\ICAClient [2010.08.23 18:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Lexware [2010.08.24 14:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Nuance [2011.09.06 22:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\PC Suite [2011.03.15 12:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\profitrader [2012.04.22 20:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Samsung [2011.03.18 11:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\ScanSoft [2013.01.09 12:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Systweak [2010.08.19 19:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Zeon [2010.08.24 12:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\DataDesign [2010.08.24 12:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Lexware [2010.08.31 10:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 234 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:527B6DAD < End of report > |
|
12.06.2013, 20:45
| #6 |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Ok. Scan mit Combofix
__________________ --> Weisser Bildschirm nach hochfahren von WIN XP |
|
12.06.2013, 21:22
| #7 |
| | Weisser Bildschirm nach hochfahren von WIN XP Hallo aharonov, leichter gesagt als getan. Ich kann mit dem defekten notebook nicht aufs internet, daher kann die Wiederherstellungskonsole nicht heruntergeladen werden. Jetzt sucht das System nach infizierten Dateien. |
|
12.06.2013, 21:34
| #8 |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Funktioniert denn der abgesicherte Modus mit Netzwerktreibern nicht?
__________________ cheers, Leo |
|
12.06.2013, 22:00
| #9 |
| | Weisser Bildschirm nach hochfahren von WIN XP Habe es jetzt geschafft (nochmal start im abgesicherten modus) die Wiederherstellungskonsole ist installiert. Es wird nach malware gesucht. jetzt habe ich die combofix txt, jedoch ist das die datei aus dem zweiten scan. beim ersten scan, als die netzwerkverbindung nicht ging, hat er ja schon einmal eine datei erstellt. Die wurde jetzt aber wohl überschrieben. Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Administrator 12.06.2013 23:00:24.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.894.598 [GMT 2:00]
ausgeführt von:: C:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\WB\WINDOWS
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Zeon
2013-06-12 16:47 . 2013-06-12 16:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataDesign
2013-06-12 16:38 . 2013-06-12 16:38 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2013-06-12 16:00 . 2013-06-12 20:05 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2013-06-10 10:14 . 2013-06-10 10:14 74136 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll
2013-06-10 10:14 . 2013-06-10 10:14 262552 ----a-w- c:\programme\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-10 10:14 . 2013-06-10 10:14 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2013-06-10 10:14 . 2013-06-10 10:14 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2013-06-10 10:14 . 2013-06-10 10:14 96664 ----a-w- c:\programme\Mozilla Firefox\webapprt-stub.exe
2013-06-10 10:14 . 2013-06-10 10:14 26520 ----a-w- c:\programme\Mozilla Firefox\plugin-hang-ui.exe
2013-06-10 10:14 . 2013-06-10 10:14 170232 ----a-w- c:\programme\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:07 . 2012-04-07 06:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:07 . 2011-05-18 08:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:28 . 2004-09-29 18:47 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:28 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:28 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2004-08-04 12:00 2195840 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-04 00:50 2072448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:00 . 2004-08-04 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-23 18:50 . 2013-03-23 18:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 18:50 . 2012-09-01 14:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-23 18:50 . 2012-09-01 14:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-23 18:50 . 2010-09-19 11:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 77824]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-16 737369]
"PDFHook"="c:\programme\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]
"PDF6 Registry Controller"="c:\programme\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]
"Nuance PDF Professional 6-reminder"="c:\programme\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]
"BrStsWnd"="c:\programme\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]
"LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-04-18 81920]
"OdTray.exe"="c:\programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Lexware Info Service.lnk - c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-11-3 339240]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken 2010 Zahlungserinnerung.lnk - c:\programme\Lexware\Quicken\2010\billmind.exe [2009-8-14 192512]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader
DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\DABProfiTrader.exe [2011-3-15 57344]
Uninstall DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\Uninstaller\uninstaller.jar [2011-3-15 191669]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2010-12-25 12:12 106496 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\WB\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.09.2009 08:11 10496]
S1 mailKmd;mailKmd; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [06.09.2011 21:46 238952]
S2 InstallBrainService;InstallBrain Updater Service;"c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe" /SERVICE --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe [?]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe [27.07.2009 02:15 134944]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02.09.2011 11:34 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02.09.2011 11:34 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02.09.2011 11:34 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02.09.2011 11:34 25088]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [14.09.2010 10:16 115712]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [06.09.2011 21:46 36608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [19.08.2010 16:05 200192]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.09.2009 08:11 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.09.2009 08:11 12928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 17:48 235216]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [22.04.2012 20:07 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [22.04.2012 20:07 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [22.04.2012 20:07 123648]
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:07]
.
2013-06-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-02-08 13:17]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\93sscmux.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-12 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????p???T??? ??|h??|????a??|Nj?w?j?w????????0??? ???|???????????\??????|????????h?????@??:??????????{2?s????f??st??sx??s@??????????????|h??sl???????t=?s???????????????????s?!?sx??s??????7~??@?8&?s?E??-6@?(E?????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1960408961-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(436)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Zeit der Fertigstellung: 2013-06-12 23:08:53
ComboFix-quarantined-files.txt 2013-06-12 21:08
ComboFix2.txt 2013-06-12 20:43
.
Vor Suchlauf: 12 Verzeichnis(se), 62.995.271.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 62.983.147.520 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 51BC5181B1417FE6520F45059CBDBF7A
72B8CE41AF0DE751C946802B3ED844B4 |
|
13.06.2013, 00:04
| #10 | |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Hallo, Zitat:
 Ich sollte das erste Log auch noch sehen - poste dieses bitte auch noch. Du solltest es unter C:\Qoobox\Combofix2.txt finden.
__________________ cheers, Leo |
|
13.06.2013, 06:05
| #11 |
| | Weisser Bildschirm nach hochfahren von WIN XP Ah, super, hier der Dateiinhalt Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Administrator 12.06.2013 22:22:25.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.894.657 [GMT 2:00]
ausgeführt von:: C:\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad
c:\windows\EventSystem.log
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 20:13 . 2013-06-12 20:13 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Zeon
2013-06-12 16:47 . 2013-06-12 16:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataDesign
2013-06-12 16:38 . 2013-06-12 16:38 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2013-06-12 16:00 . 2013-06-12 20:05 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2013-06-10 10:14 . 2013-06-10 10:14 74136 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll
2013-06-10 10:14 . 2013-06-10 10:14 262552 ----a-w- c:\programme\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-10 10:14 . 2013-06-10 10:14 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2013-06-10 10:14 . 2013-06-10 10:14 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2013-06-10 10:14 . 2013-06-10 10:14 96664 ----a-w- c:\programme\Mozilla Firefox\webapprt-stub.exe
2013-06-10 10:14 . 2013-06-10 10:14 26520 ----a-w- c:\programme\Mozilla Firefox\plugin-hang-ui.exe
2013-06-10 10:14 . 2013-06-10 10:14 170232 ----a-w- c:\programme\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:07 . 2012-04-07 06:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:07 . 2011-05-18 08:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:28 . 2004-09-29 18:47 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:28 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:28 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2004-08-04 12:00 2195840 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-04 00:50 2072448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:00 . 2004-08-04 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-23 18:50 . 2013-03-23 18:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 18:50 . 2012-09-01 14:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-23 18:50 . 2012-09-01 14:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-23 18:50 . 2010-09-19 11:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 77824]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-16 737369]
"PDFHook"="c:\programme\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]
"PDF6 Registry Controller"="c:\programme\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]
"Nuance PDF Professional 6-reminder"="c:\programme\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]
"BrStsWnd"="c:\programme\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]
"LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-04-18 81920]
"OdTray.exe"="c:\programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Lexware Info Service.lnk - c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-11-3 339240]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken 2010 Zahlungserinnerung.lnk - c:\programme\Lexware\Quicken\2010\billmind.exe [2009-8-14 192512]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader
DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\DABProfiTrader.exe [2011-3-15 57344]
Uninstall DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\Uninstaller\uninstaller.jar [2011-3-15 191669]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2010-12-25 12:12 106496 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\WB\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.09.2009 08:11 10496]
S1 mailKmd;mailKmd; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [06.09.2011 21:46 238952]
S2 InstallBrainService;InstallBrain Updater Service;"c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe" /SERVICE --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe [?]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe [27.07.2009 02:15 134944]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02.09.2011 11:34 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02.09.2011 11:34 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02.09.2011 11:34 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02.09.2011 11:34 25088]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [14.09.2010 10:16 115712]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [06.09.2011 21:46 36608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [19.08.2010 16:05 200192]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.09.2009 08:11 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.09.2009 08:11 12928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 17:48 235216]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [22.04.2012 20:07 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [22.04.2012 20:07 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [22.04.2012 20:07 123648]
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:07]
.
2013-06-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-02-08 13:17]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\93sscmux.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe
AddRemove-InstallBrain Updater Service - c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-12 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????p???T??? ??|h??|????a??|Nj?w?j?w????????0??? ???|???????????\??????|????????h?????@??:??????????{2?s????f??st??sx??s@??????????????|h??sl???????t=?s???????????????????s?!?sx??s??????7~??@?8&?s?E??-6@?(E?????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1960408961-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Zeit der Fertigstellung: 2013-06-12 22:43:25
ComboFix-quarantined-files.txt 2013-06-12 20:43
.
Vor Suchlauf: 12 Verzeichnis(se), 62.592.069.632 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 63.004.266.496 Bytes frei
.
- - End Of File - - 8CBE562EC46F43554ACC8407DDA9121F
72B8CE41AF0DE751C946802B3ED844B4 Hier nochmal, ist anscheinend vorher verschwunden. Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Administrator 12.06.2013 22:22:25.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.894.657 [GMT 2:00]
ausgeführt von:: C:\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad
c:\windows\EventSystem.log
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 20:13 . 2013-06-12 20:13 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
2013-06-12 17:40 . 2013-06-12 17:40 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Zeon
2013-06-12 16:47 . 2013-06-12 16:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataDesign
2013-06-12 16:38 . 2013-06-12 16:38 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2013-06-12 16:00 . 2013-06-12 20:05 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2013-06-10 10:14 . 2013-06-10 10:14 74136 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll
2013-06-10 10:14 . 2013-06-10 10:14 262552 ----a-w- c:\programme\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-10 10:14 . 2013-06-10 10:14 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2013-06-10 10:14 . 2013-06-10 10:14 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2013-06-10 10:14 . 2013-06-10 10:14 96664 ----a-w- c:\programme\Mozilla Firefox\webapprt-stub.exe
2013-06-10 10:14 . 2013-06-10 10:14 26520 ----a-w- c:\programme\Mozilla Firefox\plugin-hang-ui.exe
2013-06-10 10:14 . 2013-06-10 10:14 170232 ----a-w- c:\programme\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:07 . 2012-04-07 06:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:07 . 2011-05-18 08:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:28 . 2004-09-29 18:47 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:28 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:28 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2004-08-04 12:00 2195840 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-04 00:50 2072448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:00 . 2004-08-04 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-23 18:50 . 2013-03-23 18:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 18:50 . 2012-09-01 14:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-23 18:50 . 2012-09-01 14:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-23 18:50 . 2010-09-19 11:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 77824]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-16 737369]
"PDFHook"="c:\programme\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]
"PDF6 Registry Controller"="c:\programme\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]
"Nuance PDF Professional 6-reminder"="c:\programme\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]
"BrStsWnd"="c:\programme\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]
"LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-04-18 81920]
"OdTray.exe"="c:\programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Lexware Info Service.lnk - c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-11-3 339240]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken 2010 Zahlungserinnerung.lnk - c:\programme\Lexware\Quicken\2010\billmind.exe [2009-8-14 192512]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader
DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\DABProfiTrader.exe [2011-3-15 57344]
Uninstall DAB Profi Trader.lnk - c:\programme\DAB Profi Trader\Uninstaller\uninstaller.jar [2011-3-15 191669]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2010-12-25 12:12 106496 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\WB\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.09.2009 08:11 10496]
S1 mailKmd;mailKmd; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [06.09.2011 21:46 238952]
S2 InstallBrainService;InstallBrain Updater Service;"c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe" /SERVICE --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe [?]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe [27.07.2009 02:15 134944]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02.09.2011 11:34 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02.09.2011 11:34 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02.09.2011 11:34 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02.09.2011 11:34 25088]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [14.09.2010 10:16 115712]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [06.09.2011 21:46 36608]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [19.08.2010 16:05 200192]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.09.2009 08:11 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.09.2009 08:11 12928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 17:48 235216]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [22.04.2012 20:07 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [22.04.2012 20:07 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [22.04.2012 20:07 123648]
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:07]
.
2013-06-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-02-08 13:17]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\93sscmux.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe
AddRemove-InstallBrain Updater Service - c:\dokumente und einstellungen\All Users\Anwendungsdaten\InstallBrainService\ibsvc.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-12 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????p???T??? ??|h??|????a??|Nj?w?j?w????????0??? ???|???????????\??????|????????h?????@??:??????????{2?s????f??st??sx??s@??????????????|h??sl???????t=?s???????????????????s?!?sx??s??????7~??@?8&?s?E??-6@?(E?????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1960408961-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,c4,72,43,5d,a1,f2,48,88,df,f3,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Zeit der Fertigstellung: 2013-06-12 22:43:25
ComboFix-quarantined-files.txt 2013-06-12 20:43
.
Vor Suchlauf: 12 Verzeichnis(se), 62.592.069.632 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 63.004.266.496 Bytes frei
.
- - End Of File - - 8CBE562EC46F43554ACC8407DDA9121F
72B8CE41AF0DE751C946802B3ED844B4 |
|
13.06.2013, 10:59
| #12 |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Hallo, ist denn der weisse Sperrbildschirm immer noch vorhanden beim Aufstarten?
__________________ cheers, Leo |
|
13.06.2013, 11:21
| #13 |
| | Weisser Bildschirm nach hochfahren von WIN XP Folgender neuer Status: Nachdem die Windows Wiese erscheint, wird der Bildschirm weiss. Im Hintegrund arbeitet die Platte. Dann kommt ein Bildschirminhalt mit anscheinend einem Betrugsinhalt. Der Computer sei gesperrt und ich soll 100 Euro zahlen, dann wir er entsperrt. Diesen Bildschirm hatte ich vorher nicht. Grüße Wolfi |
|
13.06.2013, 12:50
| #14 |
| /// TB-Ausbilder | Weisser Bildschirm nach hochfahren von WIN XP Ok, dann machen wir es so: Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD. Lade  OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Bebilderte Anleitung: OTLpe-Scan
__________________ cheers, Leo |
|
13.06.2013, 21:15
| #15 |
| | Weisser Bildschirm nach hochfahren von WIN XP So, habe es geschafft. nach dem Scan wurde aber keine extras.txt Datei geschrieben, nur die OTL.txt.OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/13/2013 11:03:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894.00 Mb Total Physical Memory | 700.00 Mb Available Physical Memory | 78.00% Memory free
806.00 Mb Paging File | 720.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.53 Gb Total Space | 57.97 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive D: | 978.28 Mb Total Space | 895.86 Mb Free Space | 91.57% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (InstallBrainService)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/06/13 08:00:03 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/13 07:59:51 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/06/13 07:59:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/13 07:05:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/10 06:14:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/23 14:50:26 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/07/04 13:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/26 20:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto] -- C:\Programme\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/05/18 10:14:42 | 000,208,896 | ---- | M] (Funk Software, Inc.) [Auto] -- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe -- (odClientService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (Wbutton)
DRV - File not found [Kernel | On_Demand] -- -- (USBModem)
DRV - File not found [Kernel | On_Demand] -- -- (UsbDiag)
DRV - File not found [Kernel | On_Demand] -- -- (usbbus)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (mailKmd)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2013/06/13 08:00:11 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/06/13 08:00:11 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/06/13 08:00:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/06/13 08:00:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/12/07 08:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 08:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 08:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 08:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/06/14 03:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 22:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/26 22:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/26 22:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010/01/25 09:56:26 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009/09/29 02:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 02:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 02:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/07/25 04:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/05/18 07:52:56 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/05/04 20:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/04/05 15:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/25 08:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/16 10:47:14 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/15 08:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 08:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 08:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 09:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\WB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\WB_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\WB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Wolfgang_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/06/10 06:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/01/15 08:20:39 | 000,000,000 | ---D | M]
[2013/06/12 12:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2013/06/13 08:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\93sscmux.default\extensions
[2013/06/13 08:07:23 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\93sscmux.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/11/05 04:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/09/01 10:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/05 04:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/10 06:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/06/10 06:14:38 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2008/08/16 11:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 11:42:12 | 000,091,448 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2008/08/16 11:42:08 | 000,020,800 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 02:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 02:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 02:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 11:44:46 | 000,427,312 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2008/08/16 11:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll
[2012/08/26 03:33:29 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2013/06/12 16:38:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKU\WB_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Programme\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Programme\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Programme\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKU\Administrator_ON_C..\Run: [RDReminder] C:\Programme\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKU\WB_ON_C..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DAB Profi Trader [2011/03/15 04:04:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Quicken 2010 Zahlungserinnerung.lnk = C:\Programme\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\WB\Startmenü\Programme\Autostart\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\WB_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\WB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Wolfgang_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Wolfgang_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\WB_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\WB_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\WB\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\WB\Anwendungsdaten\skype.dat ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Funk Software, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/19 05:32:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/06/13 11:24:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak
[2013/06/13 08:14:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2013/06/13 08:07:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickScan
[2013/06/13 08:02:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013/06/13 08:01:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/06/13 08:01:55 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/06/13 08:01:55 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/06/13 08:01:55 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/06/13 08:01:53 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013/06/13 07:47:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2013/06/13 07:24:00 | 000,000,000 | ---D | C] -- C:\Programme\Advanced System Protector
[2013/06/13 07:23:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Systweak
[2013/06/13 07:23:31 | 000,018,952 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\WINDOWS\System32\roboot.exe
[2013/06/13 07:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RegClean Pro
[2013/06/13 07:23:26 | 000,000,000 | ---D | C] -- C:\Programme\RegClean Pro
[2013/06/13 07:05:10 | 017,617,288 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/06/13 07:04:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/13 06:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Eigene Dateien\Downloads
[2013/06/13 06:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2013/06/13 06:16:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013/06/13 06:16:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\LocalService\Cookies
[2013/06/13 04:51:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2013/06/12 17:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/12 16:57:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/12 16:16:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/12 16:16:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/12 16:16:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/12 16:16:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/12 16:13:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2013/06/12 16:06:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/12 16:05:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2013/06/12 16:05:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Videos
[2013/06/12 16:05:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2013/06/12 16:05:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2013/06/12 16:05:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2013/06/12 16:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/12 16:00:19 | 005,078,680 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2013/06/12 13:40:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2013/06/12 13:40:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2013/06/12 13:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon
[2013/06/12 12:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign
[2013/06/12 12:38:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013/06/12 12:38:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2013/06/12 12:00:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/13 15:52:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/13 08:02:25 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013/06/13 08:02:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013/06/13 08:00:11 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/06/13 08:00:11 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/06/13 08:00:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/06/13 08:00:11 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/06/13 07:57:05 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2013/06/13 07:53:27 | 000,001,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Registry kostenlos entrümpeln!.lnk
[2013/06/13 07:23:29 | 000,000,697 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegClean Pro.lnk
[2013/06/13 07:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RegClean Pro
[2013/06/13 07:19:54 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013/06/13 07:18:00 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/13 07:05:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/13 07:05:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/13 07:05:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/13 07:05:19 | 017,617,288 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/06/13 06:37:19 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\skype.ini
[2013/06/13 06:21:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/12 16:57:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/12 16:38:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/12 16:00:30 | 005,078,680 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2013/06/12 05:34:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/12 04:51:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/17 18:00:46 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/17 04:21:03 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 04:17:08 | 000,459,844 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/05/16 04:17:08 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 04:17:08 | 000,085,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/05/16 04:17:08 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/13 08:02:25 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013/06/13 07:23:43 | 000,001,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Registry kostenlos entrümpeln!.lnk
[2013/06/13 07:23:29 | 000,000,697 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegClean Pro.lnk
[2013/06/12 16:57:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/06/12 16:57:47 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013/06/12 16:16:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/12 16:16:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/12 16:16:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/12 16:16:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/12 16:16:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/12 10:12:15 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\skype.ini
[2013/01/09 06:08:13 | 000,002,478 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012/02/16 05:56:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/06 15:46:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/09/06 15:46:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/09/06 15:46:21 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\$_hpcst$.hpc
[2011/08/27 14:32:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/27 14:32:18 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/02/09 17:17:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011/02/09 17:14:47 | 000,031,864 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/12/25 08:11:26 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2010/10/04 19:59:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2010/09/28 17:03:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/22 14:54:18 | 000,000,112 | ---- | C] () -- C:\WINDOWS\init.ini
[2010/09/09 12:39:33 | 023,537,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\VA001Gespr Eschrich Nar 24032010.MP3
[2010/08/23 12:40:29 | 000,466,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\PRIVAT.QEL
[2010/08/23 12:40:29 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\PRIVAT.QAF
[2010/08/19 15:01:10 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/19 15:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/19 15:00:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010/08/19 15:00:54 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2010/08/19 15:00:48 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/19 15:00:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/08/19 14:59:26 | 000,000,320 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/19 11:13:49 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/19 10:11:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/08/19 10:11:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/19 10:04:21 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/08/19 10:04:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/08/19 10:04:19 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2010/08/19 07:17:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/19 07:00:33 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\WB\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/08/19 06:20:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/19 06:19:07 | 000,128,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/19 05:40:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 05:36:18 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/08/19 05:28:17 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/02 15:10:14 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2009/02/02 15:08:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2009/02/02 15:08:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005/03/17 06:29:58 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/02/16 10:47:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,459,844 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,441,906 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\skype.dat
[2004/08/04 08:00:00 | 000,085,170 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,071,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/30 05:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/30 04:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010/08/19 13:30:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Zeon
[2013/06/12 12:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataDesign
[2013/06/13 08:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickScan
[2013/06/13 07:55:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Systweak
[2013/06/12 13:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon
[2010/08/23 10:33:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Nuance
[2013/01/02 08:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\AskToolbar
[2012/08/26 03:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Babylon
[2012/08/26 03:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\BabylonToolbar
[2010/08/23 12:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\DataDesign
[2013/06/13 06:37:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Dropbox
[2010/08/29 10:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\GetRightToGo
[2010/09/15 02:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\ICAClient
[2010/08/23 12:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Lexware
[2010/08/24 08:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Nuance
[2011/09/06 16:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\PC Suite
[2011/03/15 06:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\profitrader
[2012/04/22 14:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Samsung
[2011/03/18 05:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\ScanSoft
[2013/01/09 06:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Systweak
[2010/08/19 13:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\WB\Anwendungsdaten\Zeon
[2010/08/24 06:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\DataDesign
[2010/08/24 06:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Lexware
[2010/08/31 04:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Zeon
[2012/11/05 04:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2012/08/26 03:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012/09/12 05:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallBrainService
[2010/08/23 12:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2011/09/06 06:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX
[2010/08/19 13:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance
[2011/09/06 16:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/04/22 13:30:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011/02/09 17:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2013/06/13 11:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak
[2013/06/13 06:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/08/19 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zeon
[2013/06/13 07:18:00 | 000,000,220 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 234 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:527B6DAD
< End of report >
|
|
| Themen zu Weisser Bildschirm nach hochfahren von WIN XP |
| bildschirm, desktop, ebook, exe, funktionier, hochfahren, inter, interne, internet, modus, momentan, notebook, scan, tan, weisse, weisser, weisser bildschirm, win, win xp |
WARNUNG an die MITLESER: 
Linear-Darstellung
