Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows XP: GVU Trojaner, abgesicherter Modus geht nicht (https://www.trojaner-board.de/141059-windows-xp-gvu-trojaner-abgesicherter-modus-geht.html)

cassaca 05.09.2013 18:51
Windows XP: GVU Trojaner, abgesicherter Modus geht nicht
 
Hallo wertes Forum,

ich sitze hier neben einem WindowsXP-Rechner, der sich zwar noch starten lässt, allerdings nach kurzer Zeit einen GVU-Sperrbildschirm zeigt.

Ich habe mir OTLPE 3.1.48.0 heruntergeladen, gebrannt, den XP-Rechner gescannt und der Log aus der OTL.txt sieht folgendermaßen aus (eine Datei Extra.txt gab es nicht):


Code:
OTL logfile created on: 9/5/2013 8:37:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40.00 Gb Total Space | 6.72 Gb Free Space | 16.81% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 146.22 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 138.67 Gb Total Space | 138.41 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive F: | 140.61 Gb Total Space | 112.29 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/08/29 02:08:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 08:29:42 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2013/03/06 11:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/14 15:16:40 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/30 13:03:54 | 000,189,128 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2011/08/30 13:03:46 | 000,189,128 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2011/08/30 13:03:32 | 000,582,344 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/08/30 13:03:10 | 000,221,896 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/25 08:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 11:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/05/01 21:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/11 02:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/27 13:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 07:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/04/10 11:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GT680x)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/07/10 09:38:51 | 000,145,856 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/08/15 11:39:31 | 000,044,240 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/08/30 13:03:42 | 000,072,552 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011/08/30 13:03:32 | 000,083,304 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/11/12 11:15:07 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2010/08/22 16:24:33 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
DRV - [2010/08/22 16:24:32 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2010/08/22 16:24:32 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM)
DRV - [2010/08/22 16:24:32 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2010/08/22 16:24:32 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2009/03/02 19:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/09/24 05:52:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/28 22:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/28 22:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 22:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/28 22:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/28 22:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/28 09:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/05/10 05:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/18 17:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/14 01:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 09:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/04/17 07:43:50 | 000,076,800 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
DRV - [2003/04/17 07:43:50 | 000,012,288 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTTUNER.SYS -- (BTTUNER)
DRV - [2003/04/17 07:43:50 | 000,011,264 | ---- | M] (TerraTec Electronic GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\BTXBAR.SYS -- (BTXBAR)
DRV - [2001/08/09 20:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013/07/31 03:05:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 04:39:03 | 000,000,000 | ---D | M]
 
[2009/01/20 11:03:10 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
 
O1 HOSTS File: ([2010/06/15 10:38:12 | 000,404,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Heinrich_Schmidt_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TerraTec Scheduler] C:\Programme\Gemeinsame Dateien\TerraTec\Scheduler\TTTimer.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [cleansweep.exe]  File not found
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Heinrich_Schmidt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364985392843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 05:39:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/15 15:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2010/11/12 11:15:06 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/05 13:07:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/05 12:58:12 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/05 12:58:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/05 12:45:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/04 04:14:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/04 04:13:31 | 000,180,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:18 | 000,121,344 | ---- | M] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/09/04 03:52:01 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 06:37:56 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/08/29 02:08:52 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/29 02:08:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/15 15:46:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 15:40:10 | 000,484,360 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/08/15 15:40:10 | 000,442,816 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 15:40:10 | 000,094,398 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/08/15 15:40:10 | 000,071,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/04 04:13:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/04 04:13:31 | 000,180,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\e15932d3-1ac3-4889-910e-977df90645d7
[2013/09/04 04:13:25 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/13 05:42:49 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/13 05:42:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/07 23:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/20 16:48:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/05/06 07:30:47 | 000,000,696 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012/02/16 07:09:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/10 10:25:30 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/08 15:14:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\wsutil.exe
[2011/02/08 15:14:15 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/02/08 15:13:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\WsBtn.dll
[2010/06/03 06:34:23 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\dhxiuw.dat
[2010/02/01 04:38:33 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/18 12:31:24 | 000,019,556 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/12/10 18:48:39 | 000,078,170 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/15 12:49:05 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/15 12:49:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/15 12:49:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/15 12:49:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/15 12:49:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/15 12:49:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/15 12:49:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/15 12:49:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/15 12:49:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/15 12:49:05 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/15 12:49:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/15 12:49:05 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/15 12:49:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/15 12:49:05 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/09/15 12:49:05 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/09/15 12:49:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/15 12:49:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/17 10:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/01/16 11:16:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Ÿ9Ÿ9
[2009/01/16 07:39:22 | 000,179,210 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/01/16 07:39:22 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2008/12/26 12:34:38 | 000,000,090 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\default.pls
[2008/11/02 09:41:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/27 06:01:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2008/10/27 05:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2008/09/27 16:30:52 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 09:40:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 09:27:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2008/09/27 09:19:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2008/09/27 08:46:40 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/09/27 08:46:40 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/09/27 08:46:39 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008/09/27 08:46:39 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008/09/27 08:46:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008/09/27 08:35:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/24 06:30:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/24 06:29:04 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 05:51:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/24 05:40:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/24 05:37:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,484,360 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,442,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,094,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,071,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/01 05:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 05:22:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/01 05:22:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 05:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/01 05:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 05:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 05:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 05:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/01 05:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/01 05:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/07/01 20:04:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EPLPSE02.DLL
[2001/09/03 20:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/09/28 20:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\EPLUUE02.DLL
[1999/01/26 17:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2009/12/20 13:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\becker
[2012/05/06 07:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Buhl Data Service
[2011/12/11 15:50:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Desktopicon
[2012/05/24 03:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\F-Secure
[2009/01/20 11:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Haufe
[2008/09/27 11:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Leadertech
[2009/01/20 11:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Lexware
[2009/09/15 12:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Panasonic
[2012/05/23 06:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Pofois
[2010/08/22 16:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Teleca
[2008/09/27 10:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Desktop Search
[2008/09/27 11:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Windows Search
[2012/06/20 16:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Ybak
[2012/05/31 09:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinrich Schmidt\Anwendungsdaten\Zobyu
[2011/12/28 13:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009/01/20 11:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2013/04/05 06:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011/12/10 10:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2011/12/10 10:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2009/01/20 11:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009/01/20 11:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010/05/19 13:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2010/05/19 13:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010/06/16 08:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008/09/27 11:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011/07/02 08:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/05/17 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{65B82898-C980-4BA0-BF9D-E471B1124929}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/07/15 10:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{A52BE7FC-5A94-46DC-97B7-F7074335C5E8}_HEINRICH-43F1D3_Heinrich Schmidt.job
[2013/09/02 03:00:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\{E9FC15DF-1F8F-4BE9-99A3-FBC52C00FB6E}_HEINRICH-43F1D3_Heinrich Schmidt.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 159 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
Ich hoffe Ihr könnt mir helfen. Auf jeden Fall schon mal vielen Dank für eure Hilfe im Voraus.

Viele Grüße
Cassi

schrauber 05.09.2013 19:16
hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
O4 - HKU\Heinrich_Schmidt_ON_C..\Run: [IQmG7lF7] C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe ()

:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


rechner normal starten :)

cassaca 05.09.2013 19:57
Hallo Schrauber,

vielen Dank für die schnelle Hilfe. Echt top.

Der Rechner läuft wieder, jetzt Dateien sichern und nach einem neuen OS umsehen... :crazy:

Hier noch der Auszug aus dem Log:

Code:
========== OTL ==========
Registry value HKEY_USERS\Heinrich_Schmidt_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\IQmG7lF7 deleted successfully.
C:\Dokumente und Einstellungen\Heinrich Schmidt\Lokale Einstellungen\Anwendungsdaten\fvJcrgR.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 246350 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Heinrich Schmidt
->Temp folder emptied: 1250830709 bytes
->Temporary Internet Files folder emptied: 452383097 bytes
->Java cache emptied: 25558280 bytes
->Google Chrome cache emptied: 8040620 bytes
->Flash cache emptied: 23756 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1577169 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17052217 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6595266 bytes
 
Total Files Cleaned = 1,681.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 09052013_225010
Ihr leistet hier echt tolle Arbeit!! :applaus:

Danke,

Cassi

schrauber 06.09.2013 08:23
also nicht weiter bereinigen? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19