| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows XP: GVU Trojaner, abgesicherter Modus geht nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.09.2013, 18:51
| #1 |
| |  Windows XP: GVU Trojaner, abgesicherter Modus geht nicht Hallo wertes Forum, ich sitze hier neben einem WindowsXP-Rechner, der sich zwar noch starten lässt, allerdings nach kurzer Zeit einen GVU-Sperrbildschirm zeigt. Ich habe mir OTLPE 3.1.48.0 heruntergeladen, gebrannt, den XP-Rechner gescannt und der Log aus der OTL.txt sieht folgendermaßen aus (eine Datei Extra.txt gab es nicht): Code:
ATTFilter OTL logfile created on: 9/5/2013 8:37:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40.00 Gb Total Space | 6.72 Gb Free Space | 16.81% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 146.22 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 138.67 Gb Total Space | 138.41 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive F: | 140.61 Gb Total Space | 112.29 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/08/29 02:08:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 08:29:42 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2013/03/06 11:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/14 15:16:40 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/30 13:03:54 | 000,189,128 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2011/08/30 13:03:46 | 000,189,128 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2011/08/30 13:03:32 | 000,582,344 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/08/30 13:03:10 | 000,221,896 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/25 08:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 11:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/05/01 21:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/11 02:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/27 13:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 07:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/04/10 11:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GT680x)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/07/10 09:38:51 | 000,145,856 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/08/15 11:39:31 | 000,044,240 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/08/30 13:03:42 | 000,072,552 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011/08/30 13:03:32 | 000,083,304 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/11/12 11:15:07 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2010/08/22 16:24:33 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
DRV - [2010/08/22 16:24:32 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2010/08/22 16:24:32 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM)
DRV - [2010/08/22 16:24:32 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2010/08/22 16:24:32 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2009/03/02 19:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/09/24 05:52:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/28 22:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/28 22:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 22:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/28 22:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/28 22:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/28 09:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/05/10 05:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/18 17:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/14 01:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 09:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/04/17 07:43:50 | 000,076,800 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
DRV - [2003/04/17 07:43:50 | 000,012,288 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTTUNER.SYS -- (BTTUNER)
DRV - [2003/04/17 07:43:50 | 000,011,264 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTXBAR.SYS -- (BTXBAR)
DRV - [2001/08/09 20:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013/07/31 03:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
[2009/01/20 11:03:10 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
O1 HOSTS File: ([2010/06/15 10:38:12 | 000,404,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TerraTec Scheduler] C:\Programme\Gemeinsame Dateien\TerraTec\Scheduler\TTTimer.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [cleansweep.exe] File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Heinrich_Schmidt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364985392843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 05:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/08/15 15:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2010/11/12 11:15:06 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/05 13:07:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/05 12:58:12 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/05 12:58:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/05 12:45:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/04 04:14:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/04 04:13:31 | 000,180,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:18 | 000,121,344 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/09/04 03:52:01 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 06:37:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/08/29 02:08:52 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/29 02:08:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/15 15:46:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 15:40:10 | 000,484,360 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/08/15 15:40:10 | 000,442,816 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 15:40:10 | 000,094,398 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/08/15 15:40:10 | 000,071,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/04 04:13:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:31 | 000,180,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:25 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/13 05:42:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/07 23:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/20 16:48:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/05/06 07:30:47 | 000,000,696 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012/02/16 07:09:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/10 10:25:30 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/08 15:14:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\wsutil.exe
[2011/02/08 15:14:15 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/02/08 15:13:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\WsBtn.dll
[2010/06/03 06:34:23 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\dhxiuw.dat
[2010/02/01 04:38:33 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/18 12:31:24 | 000,019,556 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/12/10 18:48:39 | 000,078,170 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/15 12:49:05 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/15 12:49:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/15 12:49:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/15 12:49:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/15 12:49:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/15 12:49:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/15 12:49:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/15 12:49:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/15 12:49:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/15 12:49:05 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/15 12:49:05 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/15 12:49:05 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/09/15 12:49:05 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/09/15 12:49:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/15 12:49:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/17 10:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/01/16 11:16:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Ÿ9Ÿ9
[2009/01/16 07:39:22 | 000,179,210 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/01/16 07:39:22 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2008/12/26 12:34:38 | 000,000,090 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\default.pls
[2008/11/02 09:41:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/27 06:01:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2008/10/27 05:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2008/09/27 16:30:52 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 09:40:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 09:27:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2008/09/27 09:19:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2008/09/27 08:46:40 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/09/27 08:46:40 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/09/27 08:46:39 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/09/27 08:35:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/24 06:30:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/24 06:29:04 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 05:51:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/24 05:40:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/24 05:37:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,484,360 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,442,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,094,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,071,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/01 05:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 05:22:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/01 05:22:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 05:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/01 05:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 05:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 05:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 05:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/01 05:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/01 05:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/07/01 20:04:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EPLPSE02.DLL
[2001/09/03 20:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/09/28 20:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\EPLUUE02.DLL
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
========== LOP Check ==========
[2009/12/20 13:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\becker
[2012/05/06 07:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Buhl Data Service
[2011/12/11 15:50:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Desktopicon
[2012/05/24 03:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\F-Secure
[2009/01/20 11:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Haufe
[2008/09/27 11:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Leadertech
[2009/01/20 11:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Lexware
[2009/09/15 12:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Panasonic
[2012/05/23 06:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Pofois
[2010/08/22 16:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Teleca
[2008/09/27 10:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Desktop Search
[2008/09/27 11:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Search
[2012/06/20 16:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Ybak
[2012/05/31 09:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Zobyu
[2011/12/28 13:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009/01/20 11:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2013/04/05 06:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011/12/10 10:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011/12/10 10:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2009/01/20 11:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009/01/20 11:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010/05/19 13:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010/05/19 13:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010/06/16 08:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008/09/27 11:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011/07/02 08:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/05/17 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{65B82898-C980-4BA0-BF9D-E471B1124929}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/07/15 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{A52BE7FC-5A94-46DC-97B7-F7074335C5E8}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 159 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
Viele Grüße Cassi |
| Themen zu Windows XP: GVU Trojaner, abgesicherter Modus geht nicht |
| abgesicherter modus funktioniert nicht, adobe, adobe flash player, asus, bho, bonjour, desktop, einstellungen, error, explorer, firefox, flash player, format, gvu windows xp, helper, homepage, log, logfile, mdm.exe, plug-in, realtek, registry, software, starten, trojaner, usb, windows, windows xp |
Baum-Darstellung