
Log Analysis and Evaluation: Interpol trojan with lock screen - safe mode not possible


 
20.10.2013, 20:21   #1
webpeter
 
Interpol trojan with lock screen - safe mode not possible



Hello,

I have caught a trojan with a lock screen, which also appears in safe mode.

I have created an FRST scan and an OTL scan.

It would be great if someone could help me.

Ingo

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by SYSTEM on REATOGO on 20-10-2013 23:07:47
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [LaunchAp] - C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [LMgrOSD] - C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\weimann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-10-15] (Nero AG)
HKU\weimann\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res [ 2013-07-09] () <==== ATTENTION 

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-27] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2007-08-08] (Huawei Tech. Co., Ltd.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 Aelmaninss; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100864 2008-01-22] (Huawei Technologies Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST
2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt
2013-10-19 13:39 - 2013-10-19 14:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-10 11:24 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 11:24 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 11:24 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-10 11:24 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-10-10 11:24 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-10 11:24 - 2013-09-23 08:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 11:24 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-10-10 11:24 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-10-10 11:24 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-10-10 11:24 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-10 11:24 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-10 11:24 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 11:24 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-10-10 11:24 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 11:24 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 11:24 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-10 11:24 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 11:24 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 11:24 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-10 11:24 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-10 11:24 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 11:24 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 11:24 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-10 11:24 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe

==================== One Month Modified Files and Folders =======

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST
2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt
2013-10-20 21:25 - 2008-02-21 04:08 - 00000000 ____D C:\users\weimann
2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 06:16 - 2008-02-21 04:03 - 01703518 _____ C:\Windows\WindowsUpdate.log
2013-10-20 06:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
2013-10-19 16:07 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-19 14:04 - 2013-10-19 13:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-17 12:37 - 2008-04-01 14:53 - 00028029 _____ C:\Users\weimann\AppData\Roaming\nvModes.001
2013-10-16 09:47 - 2008-02-21 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-12 14:04 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 13:46 - 2006-11-02 06:33 - 01445786 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-10 13:40 - 2006-11-02 08:47 - 00350640 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 12:40 - 2013-08-14 09:43 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 12:36 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-09 14:35 - 2012-06-18 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-09 14:35 - 2012-02-22 14:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-09 08:26 - 2008-04-11 12:10 - 00000000 ____D C:\Susan
2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe
2013-09-23 16:15 - 2008-02-29 06:59 - 00000030 _____ C:\Windows\Iedit_.INI
2013-09-23 08:57 - 2013-10-10 11:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-23 08:57 - 2013-10-10 11:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-23 08:57 - 2013-10-10 11:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-23 08:55 - 2013-10-10 11:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-09-23 08:53 - 2013-10-10 11:24 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-23 08:51 - 2013-10-10 11:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-23 08:50 - 2013-10-10 11:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-09-23 08:49 - 2013-10-10 11:24 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-09-23 07:14 - 2013-10-10 11:24 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-09-23 05:29 - 2013-10-10 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-23 05:29 - 2013-10-10 11:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-23 05:27 - 2013-10-10 11:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-23 05:27 - 2013-10-10 11:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\weimann\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

18
Restore point made on: 2013-07-23 13:54:59
Restore point made on: 2013-07-30 12:56:55
Restore point made on: 2013-08-02 13:30:25
Restore point made on: 2013-08-07 13:39:38
Restore point made on: 2013-08-14 03:04:05
Restore point made on: 2013-08-14 09:40:42
Restore point made on: 2013-08-20 13:36:10
Restore point made on: 2013-08-27 12:13:01
Restore point made on: 2013-08-29 13:49:47
Restore point made on: 2013-09-13 04:17:54
Restore point made on: 2013-09-13 07:54:11
Restore point made on: 2013-09-17 12:59:29
Restore point made on: 2013-09-24 14:07:20
Restore point made on: 2013-10-01 10:10:45
Restore point made on: 2013-10-05 04:13:21
Restore point made on: 2013-10-10 11:17:47
Restore point made on: 2013-10-10 12:34:43
Restore point made on: 2013-10-15 13:36:25

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 3070.36 MB
Available physical RAM: 2766.04 MB
Total Pagefile: 2895.05 MB
Available Pagefile: 2823.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.65 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:51.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.23 GB) FAT32
Drive e: (USB-STICK) (Removable) (Total:1.88 GB) (Free:1.78 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 0.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 08DB956A)
Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)


LastRegBack: 2013-10-19 16:22

==================== End Of Log ============================
         
Code:
OTL logfile created on: 10/20/2013 9:25:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19475)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.37 Gb Total Space | 51.33 Gb Free Space | 40.62% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.23 Gb Free Space | 53.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/10/19 13:39:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 14:35:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/08 14:31:24 | 001,527,104 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 14:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [On_Demand] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007/04/19 07:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (igfx)
DRV - File not found [Adapter | On_Demand] --  -- (Aelmaninss)
DRV - [2010/10/07 06:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/03/17 05:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/18 06:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/22 13:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/08/08 22:06:40 | 000,023,424 | R--- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2007/08/08 02:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/04/30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\weimann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 15:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2012/06/18 15:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/25 15:23:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\weimann_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res) - C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/19 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/10/10 11:24:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 11:24:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 11:24:38 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/10 11:24:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/10/10 11:24:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/10/10 11:24:38 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/10/10 11:24:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/10/10 11:24:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/10 11:24:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/10 11:24:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/10 11:24:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/10 11:24:37 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/10 11:24:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/10 11:24:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/10 11:24:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/10/10 11:24:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/10/10 11:24:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/10 11:24:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/10/10 11:24:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/10/10 11:24:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/10 11:24:35 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 11:24:34 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 11:24:26 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/10/10 11:24:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/10/10 11:24:24 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 11:24:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 11:24:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 11:24:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 11:24:21 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2007/10/22 07:45:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/10/22 07:45:45 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/20 06:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job
[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 06:24:11 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/19 16:35:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/10 13:46:46 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/10 13:46:46 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/10 13:46:46 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/10 13:46:46 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/10 13:40:33 | 000,350,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/09 14:35:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/09 14:35:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/23 16:15:43 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2013/09/23 08:57:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/23 08:53:10 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/23 08:52:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/23 08:52:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/09/23 08:51:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/09/23 08:51:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/23 08:51:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/23 08:51:07 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/23 08:51:07 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/23 08:51:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/23 08:51:04 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/23 08:51:04 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/23 08:50:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/09/23 08:49:22 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/09/23 07:14:03 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/23 05:29:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/23 05:29:11 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/23 05:27:55 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/09/23 05:27:14 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013/10/20 06:24:11 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/14 08:17:43 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res
[2013/03/22 14:54:01 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI
[2012/02/24 18:09:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/01/04 07:45:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/04 07:45:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/04 07:44:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/23 14:54:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/23 14:31:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009/06/23 14:31:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008/03/25 09:35:44 | 000,000,552 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d8caps.dat
[2008/03/25 09:25:22 | 000,001,356 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d9caps.dat
[2008/03/25 09:10:35 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat
[2008/02/29 06:59:48 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2008/02/21 10:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008/02/21 10:03:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008/02/21 10:03:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008/02/21 08:29:48 | 000,022,016 | ---- | C] () -- C:\Users\weimann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 08:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/21 04:09:23 | 000,000,095 | ---- | C] () -- C:\Users\weimann\AppData\Local\fusioncache.dat
[2007/12/15 01:36:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/25 03:15:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/10/25 03:15:04 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/10/22 22:20:15 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/10/22 07:45:45 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/10/22 07:45:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/10/22 07:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/10/22 07:45:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007/09/18 03:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007/09/18 03:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007/09/18 03:16:24 | 000,000,132 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007/09/12 03:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/12 03:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/09/12 03:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/04 18:16:26 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006/11/03 22:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006/11/02 11:33:31 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,350,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/29 10:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006/09/24 16:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006/09/24 16:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
 
========== LOP Check ==========
 
[2010/01/17 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Meine Traffic
[2013/10/20 06:16:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job
 
========== Purity Check ==========
 
 
< End of report >
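The entry in this log that explains the symptom is the pair of O20 Winlogon Shell lines for the user hive HKU\weimann_ON_C: besides explorer.exe, the Shell value also names C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res, a file with no company name that the "Files Created - No Company Name" section dates to 2013/08/14. Winlogon's Shell value accepts a comma-separated list and starts every entry at logon, and it is honoured in Safe Mode as well (Safe Mode skips the Run keys, not the shell), which is why the lock screen also appears there; Safe Mode with Command Prompt starts cmd.exe instead of the configured shell, which is why that variant is usually still reachable. The HKLM Winlogon Shell and the exefile/comfile open commands (O35/O37) are stock in this log, and the O33 MountPoints2 lines are cached AutoRun handlers from media that was plugged in earlier (AutoRun.exe and setup_vmc_lite.exe on E:), not part of the lock screen.

As an added example (not code from the post, from OTL or from this board), the following Python script turns that reading into a mechanical triage of an OTL log: it parses O20, O33 and O35 lines, flags any Winlogon Shell that is not C:\Windows\explorer.exe (high severity when the target sits in a user-writable profile directory or has no company name), checks that the exefile/comfile open command is the stock "%1" %*, and lists cached MountPoints2 AutoRun commands as informational. The sample input is the relevant lines copied from the log above plus one constructed exefile line that is not in this log, included so the association check has something to catch; the line patterns, the severity thresholds and the profile-directory heuristic are my assumptions.

```python
import re
import sys
from dataclasses import dataclass
from typing import Optional

# Constructed sample input. The O20, O33 and O35 lines are copied verbatim from the
# OTL log in the post; the LAST O35 line is constructed (it is not in that log) so
# the file-association check has a positive case.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res) - C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Users\victim\AppData\Roaming\helper.exe" "%1" %*
"""

# OTL line shapes, inferred from the log above (assumption: OTL publishes no grammar).
O20_SHELL = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.+?)\) - (?P<path>.+?) \((?P<company>.*?)\)$"
)
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
O35_OPEN = re.compile(
    r"^O35 - (?P<hive>\S+?)\\\.\.(?P<ftype>\w+) \[open\] -- (?P<cmd>.+)$"
)

STOCK_SHELL = r"c:\windows\explorer.exe"
STOCK_OPEN = '"%1" %*'  # default exefile/comfile open command
# Directories a standard user can write to; a shell living there is the
# lock-screen pattern. Heuristic, my assumption.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\documents and settings\\", "\\users\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    item: str      # OTL section tag the line came from
    detail: str


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def check_winlogon_shell(m) -> Optional[Finding]:
    hive, value, path, company = m["hive"], m["value"], m["path"], m["company"]
    if value.lower() == "explorer.exe":
        if path.lower() == STOCK_SHELL:
            return None
        # Right name, wrong file: explorer.exe resolved somewhere other than C:\Windows.
        return Finding("medium", "O20", f"{hive} Winlogon Shell resolves explorer.exe to {path}")
    # Every entry in Shell is started at logon, Safe Mode included, so any other
    # value runs beside or instead of the desktop.
    sev = "high" if in_user_writable_dir(path) or not company else "medium"
    return Finding(sev, "O20", f"{hive} Winlogon Shell runs {value} (company: {company or 'none'})")


def check_open_command(m) -> Optional[Finding]:
    if m["cmd"] == STOCK_OPEN:
        return None
    # Anything but "%1" %* means a program is interposed on every .exe/.com launch.
    return Finding("high", "O35", f"{m['hive']} {m['ftype']} open command is {m['cmd']} (expected {STOCK_OPEN})")


def check_mountpoint_autorun(m) -> Optional[Finding]:
    # MountPoints2 caches per-volume AutoRun handlers; report them, do not rate them.
    exe = m["cmd"].split()[0]
    return Finding("info", "O33", f"cached AutoRun for volume {{{m['guid']}}} runs {exe}")


CHECKS = (
    (O20_SHELL, check_winlogon_shell),
    (O35_OPEN, check_open_command),
    (O33_CMD, check_mountpoint_autorun),
)
RANK = {"high": 0, "medium": 1, "info": 2}


def triage(log_text: str) -> list:
    """Run every check over every line; return findings, most severe first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return sorted(findings, key=lambda f: RANK[f.severity])


if __name__ == "__main__":
    # Pass a saved OTL.txt as the first argument; without one the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
```

On the log above this reports the Other.res shell entry as the single high finding and the two E:\ AutoRun commands as informational. The practical consequence for cleanup is that removing the .res file alone is not enough: the Shell value in the user hive has to be reset to explorer.exe as well, otherwise Winlogon keeps trying to start the missing file at every logon, and the file itself is worth keeping for identification before it is quarantined.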