Mal wieder der BKa ,GVU Trojaner
Da hat er wieder zugeschlagen und ich bekomme ihn nicht so einfach weg wie beim letzen mal.Da gin wenigsten noch der Abgesicherte modus. :rolleyes:
Habe mal einen OTL Log gemacht ; hoffe es kann mir jemand da wieter helfen: Code:
OTL logfile created on: 2/20/2014 12:38:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
255.00 Mb Total Physical Memory | 75.00 Mb Available Physical Memory | 29.00% Memory free
215.00 Mb Paging File | 98.00 Mb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76.32 Gb Total Space | 61.10 Gb Free Space | 80.05% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (de_serv)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2014/02/05 04:17:53 | 000,140,288 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\rfwjlz80a.cpp -- (winmgmt)
SRV - [2012/12/11 15:11:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 10:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/06 15:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 15:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/09/11 03:40:26 | 000,214,056 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/08/28 07:16:15 | 000,063,016 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2006/12/27 12:13:24 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (Winacusb)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NETFWDSL)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/07/30 08:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 08:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 08:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 08:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/15 11:36:00 | 000,347,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/04/24 01:08:31 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/09/17 05:24:55 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007/09/09 12:59:44 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/09/07 06:05:12 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2007/08/09 07:04:05 | 000,040,768 | ---- | M] (Avira GmbH) [File_System | System] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2007/02/27 09:25:04 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007/01/25 19:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 19:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/02/05 13:46:35 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/02/11 04:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005/02/11 04:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 04:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 04:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 04:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber f黵 Realtek RTL8139(A/B/C)
DRV - [2002/07/23 22:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/06/20 21:39:04 | 000,472,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/03/11 12:57:00 | 000,043,776 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM)
DRV - [2002/01/08 03:16:06 | 000,006,656 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie8_startpage
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Renata_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Renata_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
IE - HKU\Renata_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Renata_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\Renata_ON_C\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKU\Renata_ON_C\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Renata\Startmen黒Programme\Autostart\a08zljwfr.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Renata_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Renata_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/05 13:14:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31d095cc-c689-11e0-b5fc-00e018b7cf6e}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{31d095cc-c689-11e0-b5fc-00e018b7cf6e}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{31d095ce-c689-11e0-b5fc-00e018b7cf6e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{31d095ce-c689-11e0-b5fc-00e018b7cf6e}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{31d095cf-c689-11e0-b5fc-00e018b7cf6e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{31d095cf-c689-11e0-b5fc-00e018b7cf6e}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{537b25de-840a-11de-b41c-00e018b7cf6e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{537b25de-840a-11de-b41c-00e018b7cf6e}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{537b25df-840a-11de-b41c-00e018b7cf6e}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{537b25df-840a-11de-b41c-00e018b7cf6e}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{6f8e5971-aa15-11e0-b5e3-00e018b7cf6e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{6f8e5971-aa15-11e0-b5e3-00e018b7cf6e}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{f951bb84-768a-11e0-b5b1-00e018b7cf6e}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{f951bb84-768a-11e0-b5b1-00e018b7cf6e}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2014/02/20 06:15:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Renata\Recent
[2014/02/17 07:25:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2014/02/17 07:25:33 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2007/09/09 12:59:44 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Renata\usbsermptxp.sys
[2007/09/09 12:59:44 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Renata\usbsermpt.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/20 06:29:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/20 06:28:18 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\a08zljwfr.fee
[2014/02/20 05:49:36 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/05 04:18:08 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Renata\Startmen黒Programme\Autostart\a08zljwfr.lnk
[2014/02/05 04:17:53 | 000,140,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rfwjlz80a.cpp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/02/05 04:18:07 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\Startmen黒Programme\Autostart\a08zljwfr.lnk
[2014/02/05 04:17:57 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\a08zljwfr.fee
[2014/02/05 04:17:53 | 000,140,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rfwjlz80a.cpp
[2010/10/31 15:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2010/06/26 08:10:31 | 000,639,000 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009/10/28 13:56:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\
[2009/10/26 13:04:19 | 000,010,567 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/10/26 13:00:48 | 000,203,443 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/10/26 13:00:48 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/08/04 08:11:05 | 000,070,478 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\NMM-MetaData.db
[2009/01/29 08:59:18 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008/12/28 09:01:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/02/17 05:53:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/02/05 03:51:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/09/09 12:59:44 | 000,007,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\USBMOT2000.INF
[2007/09/09 12:59:44 | 000,005,877 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\USB_CMCS_2000.INF
[2007/09/09 12:59:44 | 000,005,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\USBMOT2000XP.INF
[2007/01/30 05:28:22 | 000,000,155 | ---- | C] () -- C:\WINDOWS\DEINSTAL.INI
[2006/12/25 12:52:32 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006/12/08 11:09:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/08/18 14:01:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/05/30 01:59:30 | 000,000,275 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/02/06 08:07:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/06 06:52:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/06 06:40:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/02/06 06:06:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/05 13:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2006/02/05 13:47:56 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/02/05 13:47:56 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/02/05 13:45:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/02/05 13:42:39 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/05 13:42:39 | 000,002,776 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/02/05 13:38:53 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2006/02/05 13:38:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2006/02/05 13:38:43 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/02/05 13:30:49 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Renata\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/05 13:27:07 | 000,000,443 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/02/05 13:20:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/05 13:11:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/05 13:01:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/05 12:58:23 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/07 05:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,457,052 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 07:00:00 | 000,440,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,083,680 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 07:00:00 | 000,070,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/20 21:21:06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2006/02/12 04:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\CDZilla
[2009/08/08 05:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\Datalayer
[2008/02/04 13:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\FRITZ!
[2006/09/03 08:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\ICQLite
[2009/08/08 05:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\Nokia
[2009/08/08 06:08:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\Nokia Multimedia Player
[2006/02/05 13:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\Ordner HP Share-to-Web
[2009/08/04 08:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Renata\Anwendungsdaten\PC Suite
[2012/11/07 15:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1 Mail & Media GmbH
[2007/09/10 08:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009/08/04 07:50:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2009/08/14 14:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2009/08/08 05:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2009/08/08 05:21:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/11/07 15:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/11/07 15:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C980DA7D
< End of report >
|
So funktioniert es:
Textbox.