
Pests of all kinds and how to fight them: Bundestrojaner incl. OTL Scan (White Screen) Fix


21.03.2012, 13:19   #1
Jurii
 
Greetings,

I have a laptop here that belongs to an acquaintance, and he has apparently caught a nice trojan.

I have now run an OTL scan from a boot CD. What would the fix have to look like so that I can get the thing running again?

Code:
OTL logfile created on: 3/21/2012 5:13:30 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.70 Mb Free Space | 75.70% Space Free | Partition Type: NTFS
Drive D: | 281.66 Gb Total Space | 214.65 Gb Free Space | 76.21% Space Free | Partition Type: NTFS
Drive E: | 16.23 Gb Total Space | 2.66 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32
Drive X: | 3.74 Gb Total Space | 3.11 Gb Free Space | 83.24% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (LMIGuardianSvc)
SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/16 10:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto] -- D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/16 10:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- D:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/29 06:07:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/12 05:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 07:14:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/21 18:49:00 | 000,176,128 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/09/21 06:49:10 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto] -- D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8338f09664089265\stacsv.exe -- (STacSV)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/02 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8338f09664089265\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/29 11:54:44 | 000,102,400 | ---- | M] (PacketVideo) [Auto] -- D:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto] -- D:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto] -- D:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2003/04/18 14:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - File not found [File_System | On_Demand] --  -- (StarOpen)
DRV - File not found [Kernel | Auto] --  -- (LMIInfo)
DRV - File not found [Kernel | On_Demand] --  -- (cpuz130)
DRV - [2011/06/29 06:07:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 06:07:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 07:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/09/29 18:22:57 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- D:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/12 08:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 08:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/06/15 10:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- D:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/06/15 10:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/04/29 00:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/04/01 17:25:43 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/04/01 17:25:42 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/04/01 09:23:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 09:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/27 06:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/21 07:14:26 | 000,061,952 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2009/11/13 05:50:02 | 000,231,472 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/30 04:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/29 04:23:32 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/09/21 18:49:00 | 004,995,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/21 18:49:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/09/21 06:49:10 | 000,418,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/08/13 02:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/29 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/03 00:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - D:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - D:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Keitel_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Keitel_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Keitel_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Keitel_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 F1 83 6E 4D A1 CB 01  [binary data]
IE - HKU\Keitel_ON_D\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - D:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\Keitel_ON_D\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - D:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
IE - HKU\Keitel_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: D:\Program Files\Win7codecs\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files\Win7codecs\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Keitel\AppData\Roaming\5053 [2011/12/07 09:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012/02/04 11:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 12:02:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/04 11:39:55 | 000,000,000 | ---D | M]
 
[2011/12/06 12:02:34 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/11/21 00:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:17:49 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 21:09:48 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:17:49 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 21:17:49 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 21:17:49 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 21:17:49 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/12/19 09:08:54 | 000,001,137 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.222 NPI799115
O1 - Hosts: 127.0.0.1	gosredirector.ea.com
O1 - Hosts: 127.0.0.1	blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1	gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	demangler.ea.com
O1 - Hosts: 127.0.0.1	vmp.tools.gos.ea.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - D:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - D:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - D:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - D:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Keitel_ON_D\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\Keitel_ON_D\..\Toolbar\WebBrowser: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - D:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\Keitel_ON_D\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - D:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] D:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] D:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPCam_Menu] D:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPUsageTracking] D:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [lxdxmon.exe] D:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NokiaMServer] D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] D:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NSU_agent] D:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZPseiK15zRSy1wG] D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O4 - HKU\Administrator_ON_D..\Run: [RoboForm] D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\Keitel_ON_D..\Run: []  File not found
O4 - HKU\Keitel_ON_D..\Run: [4W1W8B7A1IVJUZ4WRROJW]  File not found
O4 - HKU\Keitel_ON_D..\Run: [Facebook Update] D:\Users\Keitel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Keitel_ON_D..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\Keitel_ON_D..\Run: [RoboForm] D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\Keitel_ON_D..\Run: [ZPseiK15zRSy1wG] D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O4 - HKU\LocalService_ON_D..\Run: [4W1W8B7A1IVJUZ4WRROJW]  File not found
O4 - HKU\Keitel_ON_D..\RunOnce: [FlashPlayerUpdate] D:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Keitel_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Keitel_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Keitel_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Keitel_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (C:\Users\Keitel\AppData\Roaming\hw56suzj11.exe) - D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O20 - HKLM Winlogon: UserInit - (C:\Users\Keitel\AppData\Roaming\hw56suzj11.exe) - D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Keitel_ON_D Winlogon: Shell - (C:\Users\Keitel\AppData\Roaming\hw56suzj11.exe) - D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O20 - HKU\Keitel_ON_D Winlogon: UserInit - (C:\Users\Keitel\AppData\Roaming\hw56suzj11.exe) - D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe (lyqU)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 08:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 10:27:05 | 000,294,912 | ---- | C] (lyqU) -- D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe
[2012/03/16 22:00:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe
[2012/03/16 22:00:34 | 003,913,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2012/03/16 21:45:42 | 002,343,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2012/03/16 21:45:35 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/16 21:45:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/16 21:45:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/16 21:45:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/16 21:44:59 | 000,919,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorets.dll
[2012/03/16 21:44:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/02/25 21:17:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/20 20:39:47 | 000,000,000 | ---D | C] -- D:\ProgramData\McAfee
[2012/02/20 20:39:45 | 000,000,000 | ---D | C] -- D:\ProgramData\McAfee Security Scan
[2012/02/20 20:39:41 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee Security Scan
[2011/06/30 09:31:16 | 000,438,272 | ---- | C] ( ) -- D:\Windows\System32\LXDXhcp.dll
[2011/06/30 09:31:15 | 000,843,776 | ---- | C] ( ) -- D:\Windows\System32\lxdxusb1.dll
[2011/06/30 09:31:15 | 000,364,544 | ---- | C] ( ) -- D:\Windows\System32\lxdxinpa.dll
[2011/06/30 09:31:15 | 000,339,968 | ---- | C] ( ) -- D:\Windows\System32\lxdxiesc.dll
[2011/06/30 09:31:14 | 001,105,920 | ---- | C] ( ) -- D:\Windows\System32\lxdxserv.dll
[2011/06/30 09:31:14 | 000,647,168 | ---- | C] ( ) -- D:\Windows\System32\lxdxpmui.dll
[2011/06/30 09:31:14 | 000,569,344 | ---- | C] ( ) -- D:\Windows\System32\lxdxlmpm.dll
[2011/06/30 09:31:14 | 000,053,248 | ---- | C] ( ) -- D:\Windows\System32\lxdxprox.dll
[2011/06/30 09:31:13 | 000,663,552 | ---- | C] ( ) -- D:\Windows\System32\lxdxhbn3.dll
[2011/06/30 09:31:13 | 000,320,168 | ---- | C] ( ) -- D:\Windows\System32\lxdxih.exe
[2011/06/30 09:31:12 | 000,851,968 | ---- | C] ( ) -- D:\Windows\System32\lxdxcomc.dll
[2011/06/30 09:31:12 | 000,594,600 | ---- | C] ( ) -- D:\Windows\System32\lxdxcoms.exe
[2011/06/30 09:31:12 | 000,376,832 | ---- | C] ( ) -- D:\Windows\System32\lxdxcomm.dll
[2011/06/30 09:31:12 | 000,365,224 | ---- | C] ( ) -- D:\Windows\System32\lxdxcfg.exe
[2 D:\ProgramData\*.tmp files -> D:\ProgramData\*.tmp -> ]
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[1 D:\Users\Keitel\Documents\*.tmp files -> D:\Users\Keitel\Documents\*.tmp -> ]
[1 D:\Users\Keitel\AppData\Roaming\*.tmp files -> D:\Users\Keitel\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/21 11:04:19 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/21 11:04:09 | 2211,483,648 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/21 05:51:56 | 000,665,764 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/21 05:51:56 | 000,627,040 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/21 05:51:56 | 000,134,200 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/21 05:51:56 | 000,110,424 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/19 10:27:02 | 000,294,912 | ---- | M] (lyqU) -- D:\Users\Keitel\AppData\Roaming\hw56suzj11.exe
[2012/03/19 08:12:36 | 000,000,932 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226938814-2068991607-1573737975-1007UA.job
[2012/03/19 06:02:26 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:02:26 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:01:58 | 000,000,910 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226938814-2068991607-1573737975-1007Core.job
[2012/03/17 09:44:10 | 000,476,488 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/16 22:15:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2012/02/25 21:17:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/25 21:17:58 | 000,001,812 | ---- | M] () -- D:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/25 21:17:58 | 000,001,810 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/25 21:17:58 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/23 04:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MpSigStub.exe
[2 D:\ProgramData\*.tmp files -> D:\ProgramData\*.tmp -> ]
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[1 D:\Users\Keitel\Documents\*.tmp files -> D:\Users\Keitel\Documents\*.tmp -> ]
[1 D:\Users\Keitel\AppData\Roaming\*.tmp files -> D:\Users\Keitel\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/20 20:39:43 | 000,001,810 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/02/20 20:39:42 | 000,001,812 | ---- | C] () -- D:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/12/01 16:08:29 | 000,000,036 | ---- | C] () -- D:\Users\Keitel\AppData\Roaming\blckdom.res
[2011/07/15 12:58:55 | 000,782,336 | ---- | C] () -- D:\Windows\System32\lxdxdrs.dll
[2011/07/15 12:58:55 | 000,081,920 | ---- | C] () -- D:\Windows\System32\lxdxcaps.dll
[2011/06/30 09:33:15 | 000,360,448 | ---- | C] () -- D:\Windows\System32\lxdxcoin.dll
[2011/06/30 09:32:53 | 000,040,960 | ---- | C] () -- D:\Windows\System32\lxdxvs.dll
[2011/06/30 09:31:59 | 000,069,632 | ---- | C] () -- D:\Windows\System32\lxdxcnv4.dll
[2011/06/30 09:31:33 | 000,000,044 | ---- | C] () -- D:\Windows\System32\lxdxrwrd.ini
[2011/06/30 09:31:16 | 000,348,160 | ---- | C] () -- D:\Windows\System32\LXDXinst.dll
[2011/06/30 09:31:13 | 000,208,896 | ---- | C] () -- D:\Windows\System32\lxdxgrd.dll
[2011/06/09 01:55:26 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe
[2011/06/09 01:54:54 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/06/09 01:53:42 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011/01/18 14:26:08 | 000,025,600 | ---- | C] () -- D:\Users\Keitel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 14:35:21 | 000,077,824 | ---- | C] () -- D:\Windows\KMService.exe
[2010/11/09 14:35:21 | 000,008,192 | ---- | C] () -- D:\Windows\System32\srvany.exe
[2010/07/27 13:37:24 | 000,000,008 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2010/04/01 17:25:43 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2010/04/01 17:25:42 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys
[2010/03/29 16:27:23 | 000,000,608 | -HS- | C] () -- D:\Windows\System32\winzvprt5.sys
[2010/03/29 16:27:23 | 000,000,222 | ---- | C] () -- D:\Windows\System32\hppfaxprinter5.ini
[2010/03/29 16:25:46 | 000,000,194 | ---- | C] () -- D:\Windows\System32\AddPort.ini
[2010/03/29 16:25:26 | 000,000,743 | ---- | C] () -- D:\Windows\hpntwksetup.ini
[2010/03/29 16:23:48 | 000,199,124 | ---- | C] () -- D:\Windows\hppins11.dat
[2010/03/29 16:23:48 | 000,005,707 | ---- | C] () -- D:\Windows\hppmdl11.dat
[2010/03/29 16:22:48 | 000,000,665 | ---- | C] () -- D:\Windows\System32\hppapr11.dat
[2010/03/29 15:40:18 | 000,073,728 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2010/03/29 15:37:40 | 000,006,656 | ---- | C] () -- D:\Windows\System32\bcmwlrc.dll
[2010/03/29 02:28:15 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/02/20 22:48:22 | 000,085,504 | ---- | C] () -- D:\Windows\System32\ff_vfw.dll
[2009/09/21 18:49:00 | 000,000,481 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2009/08/16 04:08:36 | 000,178,176 | ---- | C] () -- D:\Windows\System32\unrar.dll
[2009/07/14 04:47:43 | 000,665,764 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,134,200 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,476,488 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,627,040 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,110,424 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/18 13:29:04 | 000,197,654 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2009/05/29 09:52:26 | 000,204,800 | ---- | C] () -- D:\Windows\System32\xvidvfw.dll
[2009/05/29 09:47:06 | 000,881,664 | ---- | C] () -- D:\Windows\System32\xvidcore.dll
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- D:\Windows\AviSplitter.INI
[2001/07/06 22:00:00 | 000,003,254 | ---- | C] () -- D:\Windows\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011/01/06 11:50:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Age of Empires 3
[2010/03/29 15:38:30 | 000,000,000 | ---D | M] -- D:\ProgramData\AmUStor
[2010/03/29 04:01:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/07/06 16:42:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited
[2010/04/01 09:22:18 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/03/29 04:01:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/06/30 21:16:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Ezprint
[2010/03/29 04:01:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/03/29 16:08:36 | 000,000,000 | ---D | M] -- D:\ProgramData\IM
[2010/03/29 16:07:38 | 000,000,000 | ---D | M] -- D:\ProgramData\IncrediMail
[2011/12/08 18:29:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Installations
[2011/12/18 08:02:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Lx_cats
[2012/02/04 11:39:49 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
[2011/10/04 16:29:33 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
[2010/12/26 19:15:58 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaMusic
[2011/07/04 00:30:36 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
[2011/01/26 10:08:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Photo Notifier and Animation Creator
[2010/07/01 13:36:32 | 000,000,000 | ---D | M] -- D:\ProgramData\PhotoMail
[2010/03/29 16:14:25 | 000,000,000 | ---D | M] -- D:\ProgramData\RoboForm
[2010/04/01 17:50:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/03/29 04:01:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/03/29 15:44:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/11/28 11:46:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2010/03/29 04:01:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/03/29 16:05:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Win7codecs
[2010/11/28 11:44:15 | 000,000,000 | -HSD | M] -- D:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/05/03 15:04:12 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/19 06:01:58 | 000,000,910 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226938814-2068991607-1573737975-1007Core.job
[2012/03/19 08:12:36 | 000,000,932 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226938814-2068991607-1573737975-1007UA.job
[2011/06/04 12:46:58 | 000,032,630 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Thanks in advance for the help and for the great forum.

Kind regards
Jurii

21.03.2012, 16:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Safe Mode with Networking still work? With an Internet connection?

Safe Mode for cleanup
  • Press the F8 key during startup to bring Windows into Safe Mode.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode
__________________

21.03.2012, 17:16   #3
Jurii

Hi Arne,

I tried it in Safe Mode. Unfortunately, the lovely white screen appears right away there too, with the title: "Bitte warten Sie während die Verbindung hergestellt wird." ("Please wait while the connection is being established.")

Regards
Jurii
__________________

21.03.2012, 17:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
Ahem, what is the point and purpose of blocking these EA hosts?
__________________
Please always post logs in CODE tags

21.03.2012, 17:26   #5
Jurii

Hi Arne,

as I already wrote, this is a colleague's computer. I can't tell you what he does with it. He has simply had this problem for a few days, and since I'm fairly good with PCs, I was asked to take care of it.

Is there a solution here, or should Windows just be reinstalled right away?

Regards
Jurii

21.03.2012, 17:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ok, I thought you knew what your buddy wanted to do with it.
Entries like these are usually some kind of "helper" for cracks, so that pirated copies can be played at all. Entries like these are also often popular for blocking various Adobe servers in order to bypass activation.

Since we do not support illegal activity or the use of cracks/keygens, I would go for a reinstallation of this computer here.
__________________
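The hosts entries discussed in the post above can be picked out of an OTL log mechanically during triage. As an added example (not part of the original thread and not OTL's own code), this sketch parses `O1 - Hosts:` lines and groups non-local hostnames that are pinned to a loopback or unspecified address; the function names are hypothetical, and the sample log is constructed from the entries quoted in the thread plus made-up `localhost` and `vendor.example` lines.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the five entries quoted in the thread, plus made-up
# benign lines and one made-up 0.0.0.0 entry (vendor.example is a placeholder).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O1 - Hosts: 0.0.0.0 activation.vendor.example
O1 - Hosts: not-an-ip broken.vendor.example
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\\Windows\\System32\\NOISE.DAT
"""

HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts_entries(log_text):
    """Return (address, hostname) pairs from 'O1 - Hosts:' lines; skip bad IPs."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_LINE.match(line.strip())
        if not match:
            continue
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address column, not a usable mapping
        entries.append((address, match.group(2).lower()))
    return entries


def blocked_hosts_by_domain(entries):
    """Group hostnames pinned to loopback/unspecified addresses by parent domain.

    The parent domain is naively taken as the last two labels (assumption:
    good enough for triage, wrong for suffixes such as co.uk).
    """
    grouped = defaultdict(list)
    for address, host in entries:
        if host in LOCAL_NAMES or not (address.is_loopback or address.is_unspecified):
            continue
        grouped[".".join(host.split(".")[-2:])].append(host)
    return dict(grouped)
```

Several hostnames of one vendor grouped under a single domain is the pattern the helper reacted to; a single stray entry is more likely leftover ad-blocking or a test setup.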

21.03.2012, 17:36   #7
Jurii

Hi Arne,

OK, of course not the answer I would have liked to hear, but I'll pass it on to him as it is.

Thanks anyway for your efforts!

Regards
Jurii
