Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm

WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm


Log-Analyse und Auswertung: WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.09.2013, 15:29   #1
buford80
 
WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm - Standard

WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm


Hallo zusammen

Wieder einmal einen "Bundesamt für Polizei"-Trojaner eingefangen. Den Sperrbildschirm habe ich nicht wegbekommen und beim Booten in den Safe-Mode stürzt der PC jedesmal ab.

Deshalb habe ich mit OTLpe eine Boot-CD erstellt. Nachfolgend die daraus entstanden Log-Files.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 8/17/2013 3:11:42 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
991.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 77.00% Memory free
883.00 Mb Paging File | 795.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.05 Gb Total Space | 123.54 Gb Free Space | 82.88% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 3.25 Gb Free Space | 43.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (winmgmt)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/07/02 14:36:24 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/07/02 14:35:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/29 08:36:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/06 06:54:41 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/06 06:34:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2004/12/12 23:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/04/09 15:07:13 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/09 15:07:13 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/09 15:07:13 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 10:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/09/20 09:01:12 | 004,019,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/07/11 14:31:02 | 000,084,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/05/09 09:42:27 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Programme\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2003/07/01 22:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/index_d.html
IE - HKU\***_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
 
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/
IE - HKU\*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/26 16:02:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/11/06 06:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011/03/23 09:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/11/06 06:34:35 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/06 06:34:33 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/11/06 06:34:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/06 06:34:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/11/06 06:34:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/06 06:34:11 | 000,003,581 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml
[2012/11/06 06:34:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/11/06 06:34:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/06 06:34:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKU\*****_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\*****_ON_C\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\***_ON_C..\Run: []  File not found
O4 - HKU\***_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\btmxvxjsjppnnthdtqc.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\***_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.ch/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185287105812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} hxxp://www.extrafilm.ch/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\***_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\***_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\msconfig.dat) -  File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/04 01:03:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/22 06:39:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/16 19:33:13 | 000,233,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2013/08/16 19:33:13 | 000,233,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2013/08/16 19:33:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/16 19:33:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/08/16 19:33:06 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2013/08/16 19:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/16 19:29:45 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2013/08/16 19:28:37 | 1039,519,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/16 18:38:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/14 19:21:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\*****\ntuser.ini
[2013/08/05 10:50:50 | 000,000,830 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\btmxvxjsjppnnthdtqc.lnk
[2013/07/23 06:18:39 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/22 06:43:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/22 06:40:43 | 001,038,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2013/07/22 06:40:43 | 000,464,300 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/07/22 06:40:43 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/22 06:40:43 | 000,086,682 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/07/22 06:40:43 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/05 10:50:49 | 000,000,830 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\btmxvxjsjppnnthdtqc.lnk
[2012/12/28 08:53:39 | 000,074,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\wgsdgsdgdsgsd.dll
[2012/08/17 11:57:54 | 000,000,045 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\msconfig.ini
[2012/02/15 06:10:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/28 10:04:01 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 07:23:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/23 09:51:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/22 17:52:10 | 001,656,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2011/03/22 17:52:10 | 000,012,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2011/03/22 17:52:10 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/03/22 17:52:09 | 000,786,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2011/03/22 17:52:09 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2011/03/04 04:27:31 | 000,012,780 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\3614461715
[2011/03/04 04:27:31 | 000,012,780 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3614461715
[2007/10/27 03:12:23 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/07/24 15:20:44 | 004,840,302 | -H-- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007/07/24 15:20:44 | 000,012,328 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2007/07/24 15:20:44 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/07/24 15:20:43 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\*****\ntuser.ini
[2007/07/24 15:20:42 | 001,572,864 | -H-- | C] () -- C:\Dokumente und Einstellungen\*****\NTUSER.DAT
[2007/07/24 10:15:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/12 14:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\CnxE2FS.bin
[2007/07/12 14:31:10 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/05 07:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/27 09:01:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/27 09:01:28 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/27 09:01:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/11 09:52:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\mws.exe
[2007/01/11 09:26:26 | 000,044,437 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2007/01/11 09:26:01 | 006,947,894 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007/01/11 09:26:01 | 000,068,264 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2007/01/11 09:26:01 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/01/11 09:26:00 | 003,145,728 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2007/01/11 09:26:00 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2006/11/03 07:01:42 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/11/03 07:01:42 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/11/03 07:01:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/11/03 07:01:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/11/03 07:01:42 | 000,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/11/03 07:01:41 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/11/03 07:01:41 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/11/03 07:01:41 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/11/03 07:01:41 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/11/03 07:01:41 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/11/03 07:01:41 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/11/03 07:01:41 | 000,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/11/03 07:01:41 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/11/03 07:01:17 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/11/03 07:01:17 | 000,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/11/03 07:00:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2006/11/03 07:00:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2006/11/03 07:00:54 | 001,038,476 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/11/03 07:00:54 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/11/03 07:00:54 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/11/03 07:00:54 | 000,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2006/11/03 07:00:54 | 000,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/11/03 07:00:54 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/11/03 07:00:54 | 000,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/11/03 07:00:54 | 000,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/11/03 07:00:54 | 000,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/11/03 07:00:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/03 07:00:54 | 000,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2006/11/03 07:00:54 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/03 07:00:54 | 000,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/11/03 07:00:54 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/11/03 07:00:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/03 07:00:54 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/11/03 07:00:54 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/11/03 07:00:54 | 000,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006/11/03 07:00:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/11/03 07:00:54 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006/11/03 07:00:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/03 07:00:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2006/11/03 07:00:54 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2006/11/03 07:00:54 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2006/11/03 07:00:54 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2006/11/03 07:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2006/11/03 07:00:37 | 000,011,903 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2006/11/03 07:00:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2006/11/03 07:00:36 | 000,003,358 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2006/11/03 07:00:34 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2006/11/03 07:00:33 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2006/11/03 07:00:32 | 000,039,546 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2006/11/03 07:00:31 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2006/11/03 07:00:31 | 000,054,128 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2006/11/03 07:00:31 | 000,021,210 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2006/11/03 07:00:31 | 000,013,026 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2006/11/03 07:00:31 | 000,008,584 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2006/11/03 07:00:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2006/11/03 07:00:30 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2006/11/03 07:00:21 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/11/03 07:00:16 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/11/03 07:00:04 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/11/03 07:00:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/11/03 07:00:03 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/11/03 07:00:02 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2006/11/03 06:59:56 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/11/03 06:59:54 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/11/03 06:59:54 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/11/03 06:59:48 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/11/03 06:59:45 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/11/03 06:59:40 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006/11/03 06:59:37 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/11/03 06:59:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/03 06:59:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/03 06:59:25 | 000,464,300 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/11/03 06:59:25 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/11/03 06:59:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/03 06:59:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/11/03 06:59:25 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/03 06:59:25 | 000,233,472 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2006/11/03 06:59:25 | 000,233,472 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2006/11/03 06:59:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/03 06:59:25 | 000,086,682 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/11/03 06:59:25 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/11/03 06:59:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/11/03 06:59:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/03 06:59:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/03 06:59:25 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/03 06:59:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/03 06:59:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/03 06:59:24 | 000,071,022 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2006/11/03 06:59:24 | 000,052,777 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2006/11/03 06:59:24 | 000,019,726 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2006/11/03 06:59:24 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2006/11/03 06:59:24 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2006/11/03 06:59:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/03 06:59:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/03 06:59:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/29 09:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2007/12/24 12:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Destinator
[2009/09/02 10:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2012/10/11 11:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\InterVideo
[2008/05/16 05:28:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2009/09/02 10:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
 
========== Purity Check ==========
 
 
< End of report >
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 8/17/2013 3:11:42 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
991.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 77.00% Memory free
883.00 Mb Paging File | 795.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.05 Gb Total Space | 123.54 Gb Free Space | 82.88% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 3.25 Gb Free Space | 43.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LGE PC Portal for N10" = LGE PC Portal for N10
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NP_SO_2009" = SolothurnTax 2009 9.2.9
"NP_SO_2010" = SolothurnTax 2010 10.2.8
"NP_SO_2011" = SolothurnTax 2011 11.3.33
"NP_SO_2012" = SolothurnTax 2012 12.3.13
"SolothurnTax 2006 1.3.0" = SolothurnTax 2006 1.3.0
"SolothurnTax 2007 1.2.5" = SolothurnTax 2007 1.2.5
"SolothurnTax 2008 1.2.2" = SolothurnTax 2008 1.2.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Messenger" = Yahoo! Messenger
 
< End of report >
Viel Dank für Eure Unterstützung bereits im Voraus!

 

Themen zu WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm
adobe, adobe reader xi, antivir, avira, bho, desktop, einstellungen, firefox, flash player, ftp, homepage, mozilla, object, plug-in, registry, rundll, schannel.dll, security, software, trojan.agent, trojan.exploitdrop.ws, trojan.ransom.ed, windows, windows xp


« JS/Agent.32548 in Sandboxie per Firefox u. mehr? | Windows 7: Webseitenumleitung ihavenet.com »


Ähnliche Themen: WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm


  1. Windows 7: Sperrbildschirm, Bundesamt für Sicherheit und Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (33)
  2. GVU-Sperrbildschirm samt Geldforderung nach einigen Minuten (Win7, 32Bit)
    Plagegeister aller Art und deren Bekämpfung - 08.12.2014 (15)
  3. Windows Vista: Bundes Kriminal Polizei - Sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 14.06.2014 (15)
  4. Polizei Sperrbildschirm - Trojander - Windows 7
    Log-Analyse und Auswertung - 18.01.2014 (11)
  5. BKA-Trojaner Sperrbildschirm Windows Vista (32bit) kein abgesicherter Modus
    Log-Analyse und Auswertung - 07.01.2014 (14)
  6. WinXP SP3 Malware - Virenscanner usw. lassen sich nicht installieren! Dualbootsystem WinXP/Win7
    Log-Analyse und Auswertung - 13.12.2013 (15)
  7. Windows Vista 32bit: Weisser Sperrbildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (10)
  8. Trojaner vom "Bundesamt für Polizei"
    Log-Analyse und Auswertung - 23.07.2013 (1)
  9. CIBS Pol Bundesamt für Polizei Trojaner
    Log-Analyse und Auswertung - 08.07.2013 (15)
  10. Win7 64bit Polizei sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (9)
  11. CIBS POL Bundesamt für Polizei - Eidgenossen-Trojaner auf Windows-XP
    Log-Analyse und Auswertung - 16.05.2013 (19)
  12. Bundesamt für Polizei, Vista 32Bit
    Log-Analyse und Auswertung - 14.05.2013 (10)
  13. CIBS POL Bundesamt für Polizei - Eidgenossen-Trojaner auf Windows-XP - Abgesicherter Modus nicht startbar
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (16)
  14. Ich Computer wurde gesperrt - Bundesamt für Polizei
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (3)
  15. PC fährt nicht hoch, mit Fehlermeldung - WinXP, 32bit, BIOS Version V1.3 110405
    Netzwerk und Hardware - 26.02.2013 (2)
  16. Polizei Control Department - Sperrbildschirm
    Log-Analyse und Auswertung - 10.01.2013 (29)
  17. REG:system.ini: UserInit=C:\WINXP\system32\userinit.exe,C:\WINXP\s ystem32\twext.exe
    Log-Analyse und Auswertung - 15.08.2009 (19)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm - Hallo zusammen Wieder einmal einen "Bundesamt für Polizei"-Trojaner eingefangen. Den Sperrbildschirm habe ich nicht wegbekommen und beim Booten in den Safe-Mode stürzt der PC jedesmal ab. Deshalb habe ich mit - WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm...
Archiv
Du betrachtest: WinXP 32Bit, Bundesamt für Polizei, Sperrbildschirm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131