Trojaner-Board


joerg_online 25.07.2013 11:22

BKA virus: please check OTLPE logfile
 
Hello, I have a computer in front of me... BKA virus... no Safe Mode...
started with OTLPE... it creates OTL.txt but no extras.txt!
OTL.txt attached.
How do I proceed from here?

Many thanks in advance
Joerg

Code:

OTL logfile created on: 7/25/2013 12:30:08 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894.00 Mb Total Physical Memory | 685.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 718.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 45.48 Gb Total Space | 1.35 Gb Free Space | 2.98% Space Free | Partition Type: FAT32
Drive D: | 1.87 Gb Total Space | 1.54 Gb Free Space | 82.57% Space Free | Partition Type: FAT
Drive E: | 5.51 Gb Total Space | 2.50 Gb Free Space | 45.32% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/06/05 23:42:04 | 000,163,840 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nifoozd.dat -- (winmgmt)
SRV - [2013/05/22 22:09:58 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/17 00:43:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/01 21:12:42 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/06/29 00:18:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 08:28:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/31 10:43:46 | 000,241,664 | ---- | M] () [Auto] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/04/27 12:10:30 | 000,254,050 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/04/27 12:10:30 | 000,114,784 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/04/27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/03/29 20:53:34 | 000,028,672 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/02/17 15:26:32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] --  -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [File_System | Auto] --  -- (eLock2FSCTLDriver)
DRV - File not found [File_System | Auto] --  -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/06/29 00:18:32 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 00:18:32 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:26:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/22 16:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/02 18:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/02/02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/02/02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/11 14:46:42 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/06/28 01:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 04:56:38 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/12 02:00:42 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/06/12 01:59:52 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/06/12 01:59:46 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/06/02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/06/02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/05/24 19:19:48 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/05/24 19:19:44 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/05/24 19:19:40 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/05/24 15:46:34 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/05/10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/27 09:46:50 | 001,540,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/24 19:44:52 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/10/15 16:49:22 | 000,029,292 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\CB_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\CB_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\CB_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE - HKU\CB_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\CB_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\CB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\CB_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012/10/19 00:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Mozilla\Extensions
[2012/10/23 23:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Mozilla\Firefox\Profiles\xyjhppct.default\extensions
[2013/05/28 07:15:48 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Mozilla\Firefox\Profiles\xyjhppct.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2013/05/22 22:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/05/22 22:10:08 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\CB_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [TFGprBkucoKY.exe]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\web'n'walk Manager [2008/06/18 09:21:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\CB\Startmenü\Programme\Autostart\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\CB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\CB_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1322999113250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} hxxp://193.29.55.80/WebDiginet.CAB (WebDigiNet Control)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} hxxp://77.70.63.230:81/xplugLite.cab (Gif89 Lite Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} hxxp://213.23.177.209:8000/ocx/IMMP4.cab (IMMP4Control Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\pnrlierxcvwxm: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/23 12:37:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - D:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{28d630b0-3acf-11dd-9fe3-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{28d630b0-3acf-11dd-9fe3-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28d630b0-3acf-11dd-9fe3-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{28d630b1-3acf-11dd-9fe3-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{28d630b1-3acf-11dd-9fe3-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28d630b1-3acf-11dd-9fe3-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{4c7eb8fe-6a52-11dd-9ffa-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{4c7eb8fe-6a52-11dd-9ffa-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c7eb8fe-6a52-11dd-9ffa-0016d4154413}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4c7eb8ff-6a52-11dd-9ffa-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{4c7eb8ff-6a52-11dd-9ffa-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c7eb8ff-6a52-11dd-9ffa-0016d4154413}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52b9fc2e-3d07-11dd-9fe4-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{52b9fc2e-3d07-11dd-9fe4-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b9fc2e-3d07-11dd-9fe4-0016d4154413}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{552c03f2-58d4-11dc-9f69-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{552c03f2-58d4-11dc-9f69-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{552c03f2-58d4-11dc-9f69-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{62ebc6ea-a356-11dc-9fb7-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{62ebc6ea-a356-11dc-9fb7-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62ebc6ea-a356-11dc-9fb7-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{6d051ab8-5cf2-11dd-9ff5-0016cf337a2d}\Shell - "" = AutoRun
O33 - MountPoints2\{6d051ab8-5cf2-11dd-9ff5-0016cf337a2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d051ab8-5cf2-11dd-9ff5-0016cf337a2d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a2d7fb2-9e9e-11dc-9fb6-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2d7fb2-9e9e-11dc-9fb6-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a2d7fb2-9e9e-11dc-9fb6-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{8a2d7fb3-9e9e-11dc-9fb6-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2d7fb3-9e9e-11dc-9fb6-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a2d7fb3-9e9e-11dc-9fb6-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{a0fb1ed2-6121-11df-a07a-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{a0fb1ed2-6121-11df-a07a-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0fb1ed2-6121-11df-a07a-0016d4154413}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{b745a926-0879-11dd-9fd7-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{b745a926-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b745a926-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{b745a927-0879-11dd-9fd7-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{b745a927-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b745a927-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{b745a928-0879-11dd-9fd7-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{b745a928-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b745a928-0879-11dd-9fd7-0016d4154413}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d43dbc44-58cf-11dc-9f68-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{d43dbc44-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43dbc44-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{d43dbc45-58cf-11dc-9f68-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{d43dbc45-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43dbc45-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{d43dbc46-58cf-11dc-9f68-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{d43dbc46-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43dbc46-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{d43dbc47-58cf-11dc-9f68-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{d43dbc47-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d43dbc47-58cf-11dc-9f68-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{fee14930-9dde-11dc-9fad-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{fee14930-9dde-11dc-9fad-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fee14930-9dde-11dc-9fad-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{fee14931-9dde-11dc-9fad-0016d4154413}\Shell - "" = AutoRun
O33 - MountPoints2\{fee14931-9dde-11dc-9fad-0016d4154413}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fee14931-9dde-11dc-9fad-0016d4154413}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/24 17:32:06 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2013/06/05 23:42:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2006/10/25 22:37:55 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2006/02/22 11:20:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2006/01/19 18:19:06 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[117 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\CB\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\CB\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/25 10:42:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/25 10:10:14 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 09:53:38 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.pad
[2013/07/25 09:50:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 09:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/25 09:50:12 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 20:44:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/24 15:30:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[117 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\CB\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\CB\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/24 15:29:49 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/05 23:44:56 | 000,003,088 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.js
[2013/06/05 23:42:59 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.pad
[2013/06/05 23:42:03 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nifoozd.dat
[2013/06/05 23:41:15 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\CB\1798252906.exe
[2012/02/15 04:36:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 20:21:04 | 000,000,312 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~uC85CFlWUrD2qq
[2011/12/04 20:21:04 | 000,000,216 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~uC85CFlWUrD2qqr
[2011/12/04 20:20:58 | 000,000,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uC85CFlWUrD2qq
[2011/10/20 22:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rb4705w.ini
[2010/11/08 21:56:47 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/10/31 23:34:43 | 000,039,916 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/19 21:15:07 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2009/07/19 21:15:07 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/12/19 20:28:07 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\CB\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 18:05:31 | 000,017,459 | ---- | C] () -- C:\WINDOWS\LxFrame.ini
[2008/12/09 23:29:15 | 000,184,115 | ---- | C] () -- C:\WINDOWS\Bussi Bär Uninstaller.exe
[2008/09/23 17:36:12 | 000,000,462 | ---- | C] () -- C:\WINDOWS\Carat.INI
[2008/04/12 14:11:03 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2007/11/23 11:27:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/16 00:50:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll
[2007/11/15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007/11/15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007/11/15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007/11/15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007/09/04 15:41:38 | 000,000,374 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP10.INI
[2007/07/31 17:32:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2007/03/17 17:07:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/02/27 11:30:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/27 10:00:48 | 000,000,071 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2007/01/01 15:39:10 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT
[2006/10/25 22:32:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/25 22:21:49 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\CB\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/08/22 20:36:34 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE
[2006/08/22 20:36:34 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2006/08/22 20:36:34 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2006/08/22 20:36:33 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/06/29 16:37:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Cam1210M.dll
[2006/05/24 16:06:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/24 16:05:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/24 15:45:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/23 13:39:10 | 000,203,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/23 12:37:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/05/23 12:36:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/05/23 12:36:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/05/23 12:36:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/05/23 12:36:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/05/23 12:31:36 | 000,505,412 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/05/23 12:31:36 | 000,483,534 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/23 12:31:36 | 000,096,980 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/05/23 12:31:36 | 000,081,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/23 12:06:46 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/23 12:05:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/24 16:48:58 | 000,127,619 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/04/20 20:03:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006/04/20 20:03:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2006/03/10 14:15:44 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/22 11:20:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/01/07 02:39:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005/07/15 16:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/06 14:07:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\dnt26VC7.dll
[2004/05/06 14:05:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26VC7.dll
[2004/05/06 14:04:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dntvm26VC7.dll
[2004/03/25 12:38:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2004/02/13 13:49:00 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/09/05 12:25:54 | 000,237,623 | ---- | C] () -- C:\WINDOWS\System32\dnt26.dll
[2003/09/05 12:25:52 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm26.dll
[2003/09/05 12:03:30 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26.dll
[2002/12/07 13:21:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\kdbbase.dll
[2002/12/07 10:53:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tools.dll
[2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/01/15 14:26:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\kcodec.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/12 13:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001/12/12 13:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/02/09 04:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll
[1998/02/09 04:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll
[1998/02/09 03:00:00 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\owl53v.dll
[1995/05/22 04:50:00 | 000,097,072 | ---- | C] () -- C:\WINDOWS\System32\Bwcc0007.dll
[1995/05/22 04:50:00 | 000,096,928 | ---- | C] () -- C:\WINDOWS\System32\Bwcc000c.dll
 
========== LOP Check ==========
 
[2007/01/01 15:34:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Nikon
[2007/09/04 16:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Canon
[2007/11/23 11:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\TuneUp Software
[2007/11/28 21:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Bytemobile
[2007/11/28 21:08:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Vodafone
[2008/11/30 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Fisher-Price
[2008/12/17 12:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\PC Suite
[2008/12/17 12:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Nokia
[2008/12/17 18:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\Lexware
[2010/01/16 19:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\MSNInstaller
[2011/01/02 13:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\PriceGong
[2011/05/28 13:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CB\Anwendungsdaten\RavensburgerTipToi
[2007/11/28 21:04:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2006/05/24 15:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2007/01/01 15:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2007/01/01 15:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2007/02/27 09:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Testo
[2007/11/23 11:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007/11/28 20:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2008/12/17 12:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008/12/17 12:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008/12/17 13:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2008/12/17 17:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2008/12/17 17:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2009/09/11 01:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/08 22:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dendrit
[2011/01/06 23:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jKeKi09000
[2011/01/08 09:56:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/03/15 09:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2011/03/15 09:27:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2011/05/28 13:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2012/07/14 02:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2012/07/14 02:34:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
 
========== Purity Check ==========
 
 
< End of report >


schrauber 25.07.2013 11:49

Hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

joerg_online 25.07.2013 12:06

Sorry, I didn't know that.... but see above!

THX

schrauber 25.07.2013 14:40

Hi,

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
O4 - HKLM..\Run: [TFGprBkucoKY.exe]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\CB\Startmenü\Programme\Autostart\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/06/05 23:42:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2013/07/25 09:53:38 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.pad
[2013/06/05 23:44:56 | 000,003,088 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.js
[2013/06/05 23:42:59 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dzoofin.pad
[2013/06/05 23:42:03 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nifoozd.dat
[2013/06/05 23:41:15 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\CB\1798252906.exe
[2011/12/04 20:21:04 | 000,000,312 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~uC85CFlWUrD2qq
[2011/12/04 20:21:04 | 000,000,216 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~uC85CFlWUrD2qqr
[2011/12/04 20:20:58 | 000,000,440 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uC85CFlWUrD2qq
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
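
An added example, not part of the thread and not OTL's own code: a small Python parser for the file-entry lines of the log above, with three triage checks that single out some of the entries listed in the fix script. The checks, the `SYSTEM_NAMES` list and the five-minute window are assumptions made for illustration, and a hit is a reason to look closer, not a verdict; the sample lines are copied from this page.

```python
import re
from datetime import datetime, timedelta

# OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
ENTRY = re.compile(
    r"\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"[CM]\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)")
# Assumption for this example, not an OTL list: names of Windows binaries.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe"}

def parse_entry(line):
    """Return one log entry as a dict, or None for headers and blank lines."""
    m = ENTRY.fullmatch(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
    return e

def triage(lines, system_root=r"C:\WINDOWS", window=timedelta(minutes=5)):
    """Map path -> reasons; the three checks are heuristics, not verdicts."""
    files = [e for e in map(parse_entry, lines) if e and "D" not in e["attrs"]]
    exes = [e for e in files if e["name"].endswith(".exe")]
    root = system_root.lower() + "\\"
    flagged = {}
    for e in files:
        is_exe, reasons = e["name"].endswith(".exe"), []
        if e["name"] in SYSTEM_NAMES and not e["path"].lower().startswith(root):
            reasons.append("system binary name outside SystemRoot")
        if is_exe and e["name"][:-4].isdigit():
            reasons.append("numeric-only executable name")
        if not is_exe and any(x["size"] == e["size"] > 0 and
                              abs(x["ts"] - e["ts"]) <= window for x in exes):
            reasons.append("same size as an executable created minutes apart")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged

# Sample lines copied from the log and the fix script on this page.
SAMPLE = r"""
[2013/06/05 23:42:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2013/06/05 23:42:03 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nifoozd.dat
[2013/06/05 23:41:15 | 000,163,840 | ---- | C] () -- C:\Dokumente und Einstellungen\CB\1798252906.exe
[2012/02/15 04:36:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
""".splitlines()
if __name__ == "__main__":
    print(triage(SAMPLE))
```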

