Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows XP: GVU Trojaner, abgesicherter Modus geht nicht (https://www.trojaner-board.de/141059-windows-xp-gvu-trojaner-abgesicherter-modus-geht.html)

cassaca 05.09.2013 18:51
Windows XP: GVU Trojaner, abgesicherter Modus geht nicht
 
Hallo wertes Forum,

ich sitze hier neben einem WindowsXP-Rechner, der sich zwar noch starten lässt, allerdings nach kurzer Zeit einen GVU-Sperrbildschirm zeigt.

Ich habe mir OTLPE 3.1.48.0 heruntergeladen, gebrannt, den XP-Rechner gescannt und der Log aus der OTL.txt sieht folgendermaßen aus (eine Datei Extra.txt gab es nicht):


Code:
OTL logfile created on: 9/5/2013 8:37:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40.00 Gb Total Space | 6.72 Gb Free Space | 16.81% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 146.22 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 138.67 Gb Total Space | 138.41 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive F: | 140.61 Gb Total Space | 112.29 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/08/29 02:08:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 08:29:42 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2013/03/06 11:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/14 15:16:40 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/30 13:03:54 | 000,189,128 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2011/08/30 13:03:46 | 000,189,128 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2011/08/30 13:03:32 | 000,582,344 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/08/30 13:03:10 | 000,221,896 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/25 08:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 11:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/05/01 21:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/11 02:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/27 13:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 07:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/04/10 11:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GT680x)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/07/10 09:38:51 | 000,145,856 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/08/15 11:39:31 | 000,044,240 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/08/30 13:03:42 | 000,072,552 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011/08/30 13:03:32 | 000,083,304 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/11/12 11:15:07 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2010/08/22 16:24:33 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
DRV - [2010/08/22 16:24:32 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2010/08/22 16:24:32 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM)
DRV - [2010/08/22 16:24:32 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2010/08/22 16:24:32 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2009/03/02 19:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/09/24 05:52:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/28 22:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/28 22:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 22:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/28 22:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/28 22:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/28 09:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/05/10 05:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/18 17:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/14 01:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 09:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/04/17 07:43:50 | 000,076,800 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
DRV - [2003/04/17 07:43:50 | 000,012,288 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTTUNER.SYS -- (BTTUNER)
DRV - [2003/04/17 07:43:50 | 000,011,264 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTXBAR.SYS -- (BTXBAR)
DRV - [2001/08/09 20:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013/07/31 03:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
 
[2009/01/20 11:03:10 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
 
O1 HOSTS File: ([2010/06/15 10:38:12 | 000,404,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TerraTec Scheduler] C:\Programme\Gemeinsame Dateien\TerraTec\Scheduler\TTTimer.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [cleansweep.exe]  File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Heinrich_Schmidt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364985392843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 05:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/15 15:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2010/11/12 11:15:06 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/05 13:07:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/05 12:58:12 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/05 12:58:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/05 12:45:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/04 04:14:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/04 04:13:31 | 000,180,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:18 | 000,121,344 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/09/04 03:52:01 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 06:37:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/08/29 02:08:52 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/29 02:08:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/15 15:46:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 15:40:10 | 000,484,360 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/08/15 15:40:10 | 000,442,816 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 15:40:10 | 000,094,398 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/08/15 15:40:10 | 000,071,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/04 04:13:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:31 | 000,180,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:25 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/13 05:42:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/07 23:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/20 16:48:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/05/06 07:30:47 | 000,000,696 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012/02/16 07:09:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/10 10:25:30 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/08 15:14:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\wsutil.exe
[2011/02/08 15:14:15 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/02/08 15:13:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\WsBtn.dll
[2010/06/03 06:34:23 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\dhxiuw.dat
[2010/02/01 04:38:33 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/18 12:31:24 | 000,019,556 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/12/10 18:48:39 | 000,078,170 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/15 12:49:05 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/15 12:49:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/15 12:49:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/15 12:49:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/15 12:49:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/15 12:49:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/15 12:49:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/15 12:49:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/15 12:49:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/15 12:49:05 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/15 12:49:05 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/15 12:49:05 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/09/15 12:49:05 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/09/15 12:49:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/15 12:49:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/17 10:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/01/16 11:16:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Ÿ9Ÿ9
[2009/01/16 07:39:22 | 000,179,210 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/01/16 07:39:22 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2008/12/26 12:34:38 | 000,000,090 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\default.pls
[2008/11/02 09:41:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/27 06:01:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2008/10/27 05:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2008/09/27 16:30:52 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 09:40:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 09:27:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2008/09/27 09:19:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2008/09/27 08:46:40 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/09/27 08:46:40 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/09/27 08:46:39 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/09/27 08:35:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/24 06:30:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/24 06:29:04 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 05:51:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/24 05:40:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/24 05:37:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,484,360 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,442,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,094,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,071,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/01 05:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 05:22:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/01 05:22:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 05:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/01 05:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 05:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 05:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 05:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/01 05:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/01 05:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/07/01 20:04:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EPLPSE02.DLL
[2001/09/03 20:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/09/28 20:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\EPLUUE02.DLL
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2009/12/20 13:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\becker
[2012/05/06 07:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Buhl Data Service
[2011/12/11 15:50:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Desktopicon
[2012/05/24 03:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\F-Secure
[2009/01/20 11:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Haufe
[2008/09/27 11:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Leadertech
[2009/01/20 11:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Lexware
[2009/09/15 12:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Panasonic
[2012/05/23 06:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Pofois
[2010/08/22 16:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Teleca
[2008/09/27 10:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Desktop Search
[2008/09/27 11:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Search
[2012/06/20 16:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Ybak
[2012/05/31 09:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Zobyu
[2011/12/28 13:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009/01/20 11:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2013/04/05 06:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011/12/10 10:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011/12/10 10:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2009/01/20 11:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009/01/20 11:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010/05/19 13:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010/05/19 13:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010/06/16 08:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008/09/27 11:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011/07/02 08:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/05/17 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{65B82898-C980-4BA0-BF9D-E471B1124929}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/07/15 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{A52BE7FC-5A94-46DC-97B7-F7074335C5E8}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 159 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
Ich hoffe Ihr könnt mir helfen. Auf jeden Fall schon mal vielen Dank für eure Hilfe im Voraus.

Viele Grüße
Cassi

schrauber 05.09.2013 19:16
hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()

:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


rechner normal starten :)

cassaca 05.09.2013 19:57
Hallo Schrauber,

vielen Dank für die schnelle Hilfe. Echt top.

Der Rechner läuft wieder, jetzt Dateien sichern und nach einem neuen OS umsehen... :crazy:

Hier noch der Auszug aus dem Log:

Code:
========== OTL ==========
Registry value HKEY_USERS\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\IQmG7lF7 deleted successfully.
C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 246350 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Heinrich Schmidt
->Temp folder emptied: 1250830709 bytes
->Temporary Internet Files folder emptied: 452383097 bytes
->Java cache emptied: 25558280 bytes
->Google Chrome cache emptied: 8040620 bytes
->Flash cache emptied: 23756 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1577169 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17052217 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6595266 bytes
 
Total Files Cleaned = 1,681.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 09052013_225010
Ihr leistet hier echt tolle Arbeit!! :applaus:

Danke,

Cassi

schrauber 06.09.2013 08:23
also nicht weiter bereinigen? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131