Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner auf Windows 7 Rechner (https://www.trojaner-board.de/137633-gvu-trojaner-windows-7-rechner.html)

hansi14 03.07.2013 15:19
GVU Trojaner auf Windows 7 Rechner
 
GVU Trojaner sperrt meinen Rechner. Habe mit OTLPE einen Scan durchgeführt. OTL.txt wurde erstellt. Kann mir bitte jemand weiterhelfen, was ich nun tun soll?
Gruß
Hansi


Code:
OTL logfile created on: 7/3/2013 5:00:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 12.76 Gb Total Space | 5.30 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive D: | 285.29 Gb Total Space | 173.29 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/11 09:32:12 | 000,158,720 | ---- | M] (Total Defense Inc.) [Auto] -- D:\Program Files\CA\SharedComponents\Agent\TDAgent.exe -- (TD Agent Service)
SRV:64bit: - [2012/09/11 03:24:36 | 000,240,640 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\isafe.exe -- (isafe)
SRV:64bit: - [2012/09/11 03:24:32 | 000,413,776 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccschedulersvc.exe -- (ccSchedulerSvc)
SRV:64bit: - [2012/09/11 03:24:31 | 000,320,080 | ---- | M] (Total Defense, Inc.) [Auto] -- D:\Program Files\CA\Entitlement\ccprovsp.exe -- (Total Defense Common Elevation Service)
SRV:64bit: - [2012/03/03 01:50:24 | 000,901,632 | ---- | M] (CA) [Auto] -- D:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2011/09/12 16:26:08 | 000,291,656 | ---- | M] (CA) [Auto] -- D:\Program Files\CA\SharedComponents\AMS\win\x64\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/08/24 17:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto] -- D:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2011/07/01 14:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/05/27 18:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 16:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand] -- D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/05/13 11:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto] -- D:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 11:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto] -- D:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/02/08 02:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto] -- D:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/23 15:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/12/23 15:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R)
SRV:64bit: - [2010/12/23 15:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto] -- D:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto] -- D:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/10/24 11:20:04 | 001,242,992 | ---- | M] (RealVNC Ltd.) [Auto] -- D:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/26 01:25:36 | 000,389,632 | ---- | M] (Apple Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe -- (RIM MDNS)
SRV - [2013/04/26 01:25:18 | 001,235,456 | ---- | M] (Research In Motion Limited) [Auto] -- D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe -- (RIM Tunnel Service)
SRV - [2013/02/06 06:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand] -- D:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2012/12/14 05:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/09/23 15:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/08 19:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/08 23:46:06 | 002,656,536 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/08/08 23:46:04 | 000,325,912 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/06/07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand] -- D:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/02/17 10:08:52 | 001,633,280 | ---- | M] () [Auto] -- D:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/22 09:21:26 | 000,104,784 | ---- | M] (Ferrari electronic AG) [Auto] -- D:\Program Files (x86)\Common Files\FFUMS\ffmux32.exe -- (ffmux32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/16 03:39:58 | 000,064,000 | ---- | M] (Oracle Corporation) [Auto] -- D:\oracle\product\10.2.0\client_2\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/26 01:23:00 | 000,017,920 | ---- | M] (Research in Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rimvndis6_AMD64.sys -- (rimvndis)
DRV:64bit: - [2013/02/12 00:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2013/01/03 07:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/10 09:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/03/03 01:55:04 | 000,126,544 | ---- | M] (CA) [File_System | System] -- D:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2012/03/03 01:54:26 | 000,383,568 | ---- | M] (CA) [Kernel | System] -- D:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2012/03/03 01:52:42 | 000,182,864 | ---- | M] (CA) [File_System | Boot] -- D:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/08/01 10:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 16:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- D:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/19 18:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\HBtnKey.sys -- (HBtnKey)
DRV:64bit: - [2011/07/15 16:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- D:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/17 15:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/06/10 15:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/26 14:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 15:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- D:\Windows\system32\drivers\O2MDFw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/21 15:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 11:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/21 14:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot] -- D:\Windows\System32\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Administrator.TH-HOEFT_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.thomashilfen.com/
IE - HKU\hoeft.TUGDOM_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hoeft_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Hoeft_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
IE - HKU\Hoeft_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: D:\Program Files (x86)\Common Files\Research in Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/02/08 09:29:12 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - D:\Program Files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - D:\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\administrator_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\hoeft.TUGDOM_ON_D\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] D:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CATM] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\catm.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [DBRMTray] D:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [DFEPApplication] D:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EventMgt] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccEvtMgr.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] D:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] D:\Windows\System32\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] D:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [UpdateOnStartUp] D:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\catm.exe (Total Defense, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Dell Webcam Central] D:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IMSS] D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [RIM PeerManager] D:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] D:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\hoeft.TUGDOM_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\hoeft.TUGDOM\AppData\Local\Temp\mkmemvfppwkisnljh.exe (NVIDIA Corporation)
O4 - HKU\hoeft.TUGDOM_ON_D..\Run: [wwomqhshfkkbwas]  File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] D:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Administrator.TH-HOEFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\Hoeft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O4 - Startup: D:\Users\hoeft.TUGDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O4 - Startup: D:\Users\hoeft.TUGDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\Administrator.TH-HOEFT_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hoeft.TUGDOM_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hoeft.TUGDOM_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Windows\SysWow64\VetRedir.dll (Total Defense, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - administrator_ON_D\..Trusted Domains: localhost ([]http in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tugnet.de
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\hoeft.TUGDOM_ON_D Winlogon: Shell - (cmd.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O20:64bit: - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - D:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30:64bit: - LSA: Authentication Packages - (wvauth) - D:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/20 16:33:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/06/20 16:33:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/06/20 16:33:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/06/20 16:33:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/06/20 16:33:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/06/20 16:33:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/06/20 16:33:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/06/20 16:33:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/06/20 16:33:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/06/20 16:33:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/06/20 16:33:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/06/20 16:33:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/06/20 16:33:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/06/20 16:33:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/06/20 16:33:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/06/20 16:33:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/06/20 16:33:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/06/14 02:00:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32spl.dll
[2013/06/14 02:00:06 | 000,492,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\win32spl.dll
[2013/06/14 02:00:04 | 001,464,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/06/14 02:00:04 | 001,192,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certutil.exe
[2013/06/14 02:00:04 | 000,903,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\certutil.exe
[2013/06/14 02:00:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cryptnet.dll
[2013/06/14 02:00:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certenc.dll
[2013/06/14 02:00:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\certenc.dll
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/03 08:56:04 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/07/03 08:56:01 | 3127,558,144 | -HS- | M] () -- D:\hiberfil.sys
[2013/07/02 17:55:33 | 000,083,452 | ---- | M] () -- D:\Windows\System32\drivers\KmxAgent.asc
[2013/07/02 17:55:33 | 000,032,093 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k0
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k7
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k6
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k5
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k4
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k3
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k2
[2013/07/02 17:55:33 | 000,000,085 | ---- | M] () -- D:\Windows\System32\drivers\kmxcfg.u2k1
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k7
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k6
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k5
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k4
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k3
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k2
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k1
[2013/07/02 17:55:33 | 000,000,049 | ---- | M] () -- D:\Windows\System32\drivers\kmxzone.u2k0
[2013/07/02 17:48:10 | 000,021,088 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 17:48:10 | 000,021,088 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 17:30:45 | 001,084,731 | ---- | M] () -- D:\Users\hoeft.TUGDOM\AppData\Roaming\2433f433
[2013/07/02 17:30:45 | 001,084,686 | ---- | M] () -- D:\ProgramData\2433f433
[2013/07/02 17:30:45 | 001,084,677 | ---- | M] () -- D:\Users\hoeft.TUGDOM\AppData\Local\2433f433
[2013/06/26 17:16:57 | 000,101,714 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action.pdf
[2013/06/26 17:16:57 | 000,101,714 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action - Kopie.pdf
[2013/06/20 13:49:19 | 003,604,831 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba_neo_647G771-EN-05-1204p.pdf
[2013/06/20 13:42:39 | 003,862,637 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba-family-of-products-brochure.pdf
[2013/06/17 15:58:17 | 000,102,925 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs_18062013.pdf
[2013/06/17 15:35:52 | 000,221,221 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs.pdf
[2013/06/14 07:27:53 | 004,328,225 | ---- | M] () -- D:\Users\hoeft.TUGDOM\Documents\pic1.jpg
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/02 17:30:45 | 001,084,731 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Roaming\2433f433
[2013/07/02 17:30:45 | 001,084,686 | ---- | C] () -- D:\ProgramData\2433f433
[2013/07/02 17:30:45 | 001,084,677 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Local\2433f433
[2013/07/01 11:40:21 | 000,101,714 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action - Kopie.pdf
[2013/06/26 17:16:57 | 000,101,714 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\de.delta.com_PCCOciWeb_selectBoardingPassNext.action.pdf
[2013/06/26 15:51:57 | 000,150,102 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Export2008 142 - Kopie.jpg
[2013/06/20 13:49:19 | 003,604,831 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba_neo_647G771-EN-05-1204p.pdf
[2013/06/20 13:42:38 | 003,862,637 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Kimba-family-of-products-brochure.pdf
[2013/06/17 15:58:17 | 000,102,925 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\Internet-CheckIn-Boarding-Docs_18062013.pdf
[2013/06/14 07:27:11 | 004,328,225 | ---- | C] () -- D:\Users\hoeft.TUGDOM\Documents\pic1.jpg
[2012/02/02 05:00:25 | 000,007,168 | ---- | C] () -- D:\Users\hoeft.TUGDOM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 09:13:20 | 000,000,225 | ---- | C] () -- D:\Windows\ODBC.INI
[2011/11/03 16:40:33 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/11/03 16:40:32 | 000,218,304 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/11/03 16:40:31 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2011/11/03 16:40:29 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/11/03 16:40:28 | 013,906,944 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2011/11/03 14:22:52 | 000,080,368 | ---- | C] () -- D:\Windows\SysWow64\pbadrvdll.dll
[2011/11/03 14:19:51 | 000,032,256 | ---- | C] () -- D:\Windows\SysWow64\instsrv.exe
[2011/11/03 14:19:51 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/02/11 13:45:27 | 001,777,104 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2010/10/29 08:56:58 | 000,100,352 | ---- | C] () -- D:\Windows\SysWow64\pg32conv.dll
[2010/10/29 08:56:58 | 000,036,360 | ---- | C] () -- D:\Windows\SysWow64\vcgantt.ini
[2010/10/29 08:56:55 | 000,003,964 | ---- | C] () -- D:\Windows\SysWow64\CONTBMP.DAT
[2010/08/19 18:18:20 | 001,008,640 | ---- | C] () -- D:\Windows\SysWow64\DemoLicense.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/08/16 11:17:50 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\nsldap32v50.dll
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/12/21 12:57:04 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\nsldappr32v50.dll
[2005/12/21 12:54:34 | 000,040,960 | ---- | C] () -- D:\Windows\SysWow64\nsldapssl32v50.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/06/15 14:53:45 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

cosinus 03.07.2013 15:25
:hallo:

Zitat:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = t**net.de
Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

hansi14 03.07.2013 15:33
Natürlich würde ich mich für eine Hilfe gerne mit einer Spende bedanken. Ist doch gar keine Frage.

cosinus 03.07.2013 15:46
Es geht eher um den farbigen Text

hansi14 03.07.2013 16:23
Ok, wahrscheinlich hast du recht und ich sollte den Rechner lieber sofort platt machen. Trotzdem Danke für den Support.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131