Log analysis and evaluation: Windows XP: lock screen after police trojan

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows XP: lock screen after police trojan

Hello,

Today the well-known police trojan (Austrian variant) unfortunately showed up on my brother's laptop (32-bit, Windows XP). I tried to follow the advice in the forums (booting into safe mode), but the computer kept shutting itself down. That also seems to be an already known problem.

I therefore burned OTLPENet.exe to a CD (from a second computer) and ran the scan on the infected computer. An OTL.txt was created there as well (I could not find an Extras.txt via Explorer, and none appeared as a pop-up either). (see attachment)

I ask for further instructions. Thank you very much.

Best regards,
HaHu

Attached once more is the OTL.txt as a post.

OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/7/2014 1:03:17 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,022.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free 906.00 Mb Paging File | 833.00 Mb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 88.35 Gb Total Space | 13.76 Gb Free Space | 15.57% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - [2014/02/07 02:31:46 | 000,241,553 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\flerxcljr.cpp -- (winmgmt) SRV - [2013/10/02 11:05:04 | 000,103,112 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService) SRV - [2013/05/26 09:55:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/19 08:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) 
[Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2013/02/19 08:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2013/02/19 08:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe -- (McShield) SRV - [2012/11/16 15:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012/08/31 07:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/01/05 05:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/05/05 20:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) 
[Auto] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device) SRV - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2009/11/12 16:00:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Programme\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist) SRV - [2006/06/30 08:51:12 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2005/12/28 06:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device) SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand] -- -- (Wdm1) DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- 
(PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (Ndiptttmeu) DRV - File not found [Kernel | On_Demand] -- -- (MRESP50) DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5) DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5) DRV - File not found [Kernel | On_Demand] -- -- (MREMP50) DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (AFGSp50) DRV - File not found [Kernel | On_Demand] -- -- (AFGMp50) DRV - [2013/02/19 08:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2013/02/19 08:11:42 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2013/02/19 08:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2013/02/19 08:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2013/02/19 08:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp) DRV - [2013/02/19 08:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk) DRV - [2013/02/19 08:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2013/02/19 08:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2013/02/19 08:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2013/02/19 08:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2013/02/11 19:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2012/04/20 10:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2011/08/21 03:00:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2011/08/21 03:00:36 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2011/08/21 03:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2011/08/03 02:06:01 | 000,216,912 | ---- | M] () [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574) DRV - [2010/05/05 20:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2009/06/23 03:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007/04/10 10:33:34 | 000,033,824 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2006/06/01 08:59:20 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3) DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/12/28 07:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/08/12 10:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [1999/09/10 06:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*hxxp://uk.search.yahoo.com/ IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*hxxp://uk.docs.yahoo.com/info/bt_side.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hanspeter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*hxxp://uk.search.yahoo.com/ IE - HKU\Hanspeter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Hanspeter_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Hanspeter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\Hanspeter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hanspeter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Programme\McAfee\MSC\npMcSnFFPl.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011/03/06 16:16:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011/03/06 16:16:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2013/11/08 03:53:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/05/26 09:55:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/05/26 09:54:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Programme\McAfee\MSK [2013/06/12 03:34:10 | 
000,000,000 | ---D | M] [2013/05/26 09:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013/05/26 09:54:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013/05/26 09:54:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/05/26 09:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013/05/26 09:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/09/27 07:27:37 | 000,001,949 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) 
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: () - {D810B78A-D010-44DF-8445-AC58086B600E} - File not found O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\Gast_ON_C\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKU\Gast_ON_C\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\Hanspeter_ON_C\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKU\Hanspeter_ON_C\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKU\Hanspeter_ON_C\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) 
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark Pro200-S500 Series\ezprint.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [lxebmon.exe] C:\Programme\Lexmark Pro200-S500 Series\lxebmon.exe () O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [plsi] File not found O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Programme\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) 
O4 - HKU\Administrator_ON_C..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe () O4 - HKU\Gast_ON_C..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe () O4 - HKU\Gast_ON_C..\Run: [Rapportexe] C:\Programme\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) O4 - HKU\Hanspeter_ON_C..\Run: [ares] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Hanspeter\Startmenü\Programme\Autostart\rjlcxrelf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Gast_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} hxxp://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab?ae1c4527a33a11031c936f5485447839684c6bd8cb228c03de8df5715489ad2df05e703c0997290e5a16540af9ac1a102f8e9bca68c2607712c47610232c53f10fd72e661f86:c4feb8a70702459b15d3c47945c52d3d (Reg Error: Key error.) O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - C:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/13 06:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/02/07 02:31:46 | 000,241,553 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flerxcljr.cpp
[2014/02/06 16:03:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2010/12/01 11:49:56 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/12/01 11:49:49 | 000,241,664 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/10/06 03:41:46 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2010/10/06 03:37:05 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2010/10/06 03:37:05 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2010/10/06 03:37:04 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2010/10/06 03:37:04 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2010/10/06 03:37:03 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2010/10/06 03:37:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2010/10/06 03:37:02 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2010/10/06 03:37:00 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2010/10/06 03:37:00 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2010/10/06 03:36:58 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2010/10/06 03:36:57 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2010/10/06 03:36:57 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2010/10/06 03:36:57 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[4 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/07 06:15:00 | 000,001,226 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-93856354-3251833586-2270642434-1006UA.job
[2014/02/07 05:57:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/07 05:57:16 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/07 05:14:42 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rjlcxrelf.fee
[2014/02/07 03:15:00 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-93856354-3251833586-2270642434-1006Core.job
[2014/02/07 03:04:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/07 02:32:19 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Hanspeter\Startmenü\Programme\Autostart\rjlcxrelf.lnk
[2014/02/07 02:31:46 | 000,241,553 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flerxcljr.cpp
[2014/02/06 16:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2014/02/06 06:05:40 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/06 05:45:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 05:26:34 | 000,002,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/19 13:20:40 | 000,000,772 | ---- | M] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2014/01/19 13:18:43 | 000,062,366 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/19 13:16:58 | 000,419,222 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2014/01/19 13:16:58 | 000,402,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/19 13:16:58 | 000,076,210 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2014/01/17 12:30:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com - Virenscan - Mein Computer (D6GD782J-Hanspeter).job
[4 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/07 05:57:16 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/07 02:32:18 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Startmenü\Programme\Autostart\rjlcxrelf.lnk
[2014/02/07 02:32:01 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rjlcxrelf.fee
[2012/02/24 11:44:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/23 13:25:49 | 000,038,475 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Microsoft Excel.ADR
[2010/12/21 04:38:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/12/12 06:39:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/01 11:49:56 | 003,486,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/12/01 11:49:56 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/12/01 11:49:56 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/12/01 11:49:45 | 000,172,103 | ---- | C] () -- C:\WINDOWS\BM.exe
[2010/10/06 03:41:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2010/10/06 03:41:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2010/10/06 03:41:25 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2010/10/06 03:41:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2010/10/06 03:37:21 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2010/10/06 03:37:06 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2010/10/06 03:37:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2010/10/06 03:37:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2010/10/06 03:37:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2010/10/06 03:37:01 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2010/10/06 03:36:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2010/10/06 03:36:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2010/10/06 03:36:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2010/10/06 03:36:58 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2010/10/06 03:34:20 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2010/10/06 03:34:20 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2009/11/12 15:58:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/26 14:06:04 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/12/14 09:29:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/08 16:10:15 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\pinf.sys
[2008/12/07 12:55:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jRegistryKey.dll
[2008/12/07 12:55:48 | 000,000,321 | -HS- | C] () -- C:\WINDOWS\System32\3021628570.sys
[2008/05/03 09:50:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/05/03 04:48:52 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/03 02:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/25 02:12:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008/03/25 02:12:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008/03/05 02:50:55 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/07/15 18:29:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/10 10:33:34 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2007/04/10 10:28:31 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/10 10:28:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/03 07:33:45 | 000,000,105 | ---- | C] () -- C:\WINDOWS\NovaBackup.INI
[2006/10/26 13:26:59 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/11 01:52:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys
[2006/10/11 01:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\smdat32a.sys
[2006/06/29 07:31:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F3988D83C9.sys
[2006/06/01 07:50:02 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/06/01 07:50:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2006/06/01 07:22:22 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2006/05/30 04:20:08 | 000,022,286 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR
[2006/05/30 04:16:14 | 000,005,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Adressbuch Mai 2006.csv.2048390.xml
[2006/05/30 04:16:12 | 000,000,615 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\BCMMappings.xml
[2006/05/30 04:01:19 | 000,038,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2006/05/24 09:14:39 | 000,000,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\dm.ini
[2006/05/22 08:45:55 | 000,006,216 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/22 08:45:55 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\266857C46B.sys
[2006/05/22 06:45:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/05/21 09:19:42 | 000,105,472 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/21 08:54:00 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/05/21 08:18:29 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Hanspeter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/05/04 15:22:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/04 15:11:37 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/04 15:09:25 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/04 15:04:03 | 000,000,004 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QSLLPSVCShare
[2006/05/04 14:36:42 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/05/04 14:36:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/04 14:36:24 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/04 14:36:22 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 08:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/07/22 14:47:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/07/22 14:47:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/07/22 14:47:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/07/22 14:47:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/07/22 14:45:22 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/06/29 03:41:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/06/29 03:41:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/06/29 03:40:58 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/06/22 06:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/21 15:27:56 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/06/21 15:27:02 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/06/21 15:22:06 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/06/21 15:21:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/06/21 15:21:30 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2005/06/21 15:20:08 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2005/06/21 15:19:48 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/06/21 15:19:38 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2005/06/21 15:18:58 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/06/21 15:18:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/06/21 15:12:48 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/06/21 15:09:22 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/06/06 10:58:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/03/30 10:19:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2004/08/13 07:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/13 07:02:49 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/08/13 06:59:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/13 06:52:23 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/13 06:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/13 06:47:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/13 06:46:51 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/13 06:40:53 | 000,419,222 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/13 06:40:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/13 06:40:53 | 000,076,210 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/13 06:40:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/13 06:40:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/13 06:40:39 | 000,402,760 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/13 06:40:39 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/13 06:40:39 | 000,062,366 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/13 06:40:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/13 06:40:37 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/13 06:40:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/13 06:40:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/13 06:40:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/13 06:40:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/13 06:40:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/13 06:40:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/04/08 16:38:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\SACore
[2010/02/27 04:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Trusteer
[2010/12/01 11:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Audio Recorder for Free 2010
[2006/06/05 19:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Azureus
[2011/04/11 03:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\DDMSettings
[2011/08/12 04:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\go
[2010/12/08 11:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\HartlauerFotoService3
[2006/05/21 08:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Leadertech
[2007/10/21 09:14:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\OfficeUpdate12
[2008/03/05 02:50:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\ScanSoft
[2010/01/03 10:26:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hanspeter\Anwendungsdaten\Trusteer
[2009/09/06 11:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/01/03 10:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Trusteer
[2010/09/03 11:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2011/08/12 04:44:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011/12/28 08:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexmark Pro200-S500 Series
[2008/03/05 02:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010/12/01 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010/12/08 10:41:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010/01/03 10:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trusteer
[2011/12/28 08:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/28 08:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========

< End of report >

Edited by hahu (07.02.2014 at 13:29)