Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
AKM-Trojaner, OTLPE

AKM-Trojaner, OTLPE


Log-Analyse und Auswertung: AKM-Trojaner, OTLPE

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.05.2012, 12:11   #1
wano111
 
AKM-Trojaner, OTLPE - Standard

AKM-Trojaner, OTLPE


Hallo!
Ich bitte um Hilfe
PC (mit WinXP SP3) ist offensichtlich mit AKM-Trojaner infiziert, habe ihn mit OLTPE gestartet und gescannt (Super-Anleitungen im Board, Danke!), sende das LOG und bitte um weitere Anweisungen.

Hallo nochmal!
Habe vorhin nicht genug gelesen und jetzt erst das zweite LOG zustande gebracht.
Anbei beide LOGs und bitte um Nachsicht

zuerst die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 5/26/2012 4:58:21 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.78 Gb Total Space | 24.86 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive D: | 121.10 Gb Total Space | 119.99 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (McShield) -- C:\Programme\Network Associates\VirusScan\Mcshield.exe (Network Associates, Inc.)
SRV - (McTaskManager) -- C:\Programme\Network Associates\VirusScan\VsTskMgr.exe (Network Associates, Inc.)
SRV - (McAfeeFramework) -- C:\Programme\Network Associates\Common Framework\FrameworkService.exe (Network Associates, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (NaiAvFilter1) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (Network Associates, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gattringer.ERTLO_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = 
IE - HKU\Gattringer.ERTLO_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Gattringer.ERTLO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gattringer.ERTLO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gattringer.TBERTL_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = 
IE - HKU\Gattringer.TBERTL_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Gattringer.TBERTL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gattringer.TBERTL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gattringer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gattringer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gerstl_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gerstl_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Hekate.ERTLO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hekate.TBERTL_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Hekate.TBERTL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Hekate_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2003/04/02 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\Gattringer.ERTLO_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\Gattringer.ERTLO_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\Gattringer.TBERTL_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\Gattringer.TBERTL_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\Gerstl_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\Hekate.TBERTL_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\Hekate.TBERTL_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Opware15] C:\Programme\ScanSoft\OmniPage15\Opware15.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKU\Gattringer.ERTLO_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Gattringer.TBERTL_ON_C..\Run: [8F835A22] C:\WINDOWS\system32\63255FBA8F835A227E43.exe (We bello comè?)
O4 - HKU\Gerstl_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Gerstl_ON_C..\Run: [OpAgent] C:\Programme\ScanSoft\OmniPage15\OpAgent.exe (Nuance Communications, Inc.)
O4 - HKU\Hekate.TBERTL_ON_C..\Run: [8F835A22] C:\WINDOWS\system32\63255FBA8F835A227E43.exe (We bello comè?)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gattringer.ERTLO_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gattringer.TBERTL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gattringer.TBERTL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Gattringer.TBERTL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Gattringer.TBERTL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Gattringer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gerstl_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hekate.ERTLO_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hekate.TBERTL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hekate_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TBERTL.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\63255FBA8F835A227E43.exe) - C:\WINDOWS\system32\63255FBA8F835A227E43.exe (We bello comè?)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/23 09:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/22 02:01:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\Lizxmpnqy
[2012/05/22 02:00:22 | 000,065,536 | -H-- | C] (We bello comè?) -- C:\WINDOWS\System32\63255FBA8F835A227E43.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Gattringer.TBERTL\*.tmp files -> C:\Dokumente und Einstellungen\Gattringer.TBERTL\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/26 09:25:29 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/26 09:25:12 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc088436989070.job
[2012/05/26 09:25:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/24 09:24:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc088436ead524.job
[2012/05/22 02:00:22 | 000,065,536 | -H-- | M] (We bello comè?) -- C:\WINDOWS\System32\63255FBA8F835A227E43.exe
[2012/05/22 01:58:12 | 000,002,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Desktop\Microsoft Outlook 2010.lnk
[2012/05/20 08:54:10 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2012/05/15 01:03:35 | 001,644,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 10:29:28 | 000,487,626 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/14 10:29:28 | 000,444,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/14 10:29:28 | 000,095,624 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/14 10:29:28 | 000,072,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/14 10:26:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 04:49:57 | 000,023,479 | ---- | M] () -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Desktop\Wasnergasse 27.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Gattringer.TBERTL\*.tmp files -> C:\Dokumente und Einstellungen\Gattringer.TBERTL\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/22 02:01:35 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 04:49:56 | 000,023,479 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Desktop\Wasnergasse 27.pdf
[2012/02/15 02:27:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/20 03:55:20 | 000,000,477 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2011/09/09 06:57:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 05:43:55 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 13:23:38 | 020,420,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2011/01/09 08:15:29 | 000,006,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2011/01/09 06:50:28 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Lokale Einstellungen\Anwendungsdaten\FASTApp.html
[2009/09/04 08:03:17 | 000,000,041 | ---- | C] () -- C:\WINDOWS\OENORM.INI
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/13 04:47:34 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\RefEdit.exd
[2008/07/24 09:09:01 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2008/07/24 09:08:56 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/06/09 09:36:38 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/16 03:30:20 | 000,142,383 | ---- | C] () -- C:\WINDOWS\hpgins30.dat
[2008/04/16 03:30:20 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat
[2008/04/03 03:35:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/06 15:12:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2008/02/24 04:42:10 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2008/02/24 04:42:09 | 001,284,280 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2008/02/24 04:21:59 | 000,000,387 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/24 03:53:06 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/23 16:08:14 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerstl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/02/23 16:01:12 | 000,000,513 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/23 15:20:30 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/23 15:19:35 | 001,644,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/23 09:40:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/02/23 09:40:18 | 000,024,315 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/02/23 09:40:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/23 09:33:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/23 09:29:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/06 05:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 05:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/06 05:30:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 05:30:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/06 05:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 05:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 05:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/06 05:30:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/06 05:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/05 10:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/05 10:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/02/05 10:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/02/05 09:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 09:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/02 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 08:00:00 | 000,487,626 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 08:00:00 | 000,444,510 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 08:00:00 | 000,197,121 | ---- | C] () -- C:\WINDOWS\System32\mixerisrv.exe
[2003/04/02 08:00:00 | 000,095,624 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 08:00:00 | 000,072,386 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 09:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1601/02/13 04:28:18 | 000,000,283 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ldllLnNrstTTjjv
 
========== LOP Check ==========
 
[2008/03/06 10:34:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\ACD Systems
[2008/10/31 02:12:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\Autodesk
[2010/07/26 05:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\Canon Easy-WebPrint EX
[2008/04/16 03:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\ScanSoft
[2008/04/16 05:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\TuneUp Software
[2008/03/06 14:00:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\Windows Desktop Search
[2008/03/06 12:41:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.ERTLO\Anwendungsdaten\Zeon
[2011/01/11 03:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\ACD Systems
[2011/01/09 13:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\Autodesk
[2011/07/22 09:25:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\Canon Easy-WebPrint EX
[2012/05/22 02:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\Lizxmpnqy
[2011/01/09 13:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\ScanSoft
[2012/03/22 10:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\SQL Anywhere 12
[2011/12/20 05:11:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\TuneUp Software
[2011/01/09 08:30:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer.TBERTL\Anwendungsdaten\Windows Desktop Search
[2008/03/06 01:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gattringer\Anwendungsdaten\Autodesk
[2008/02/24 11:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerstl\Anwendungsdaten\Autodesk
[2008/02/24 12:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerstl\Anwendungsdaten\ScanSoft
[2008/02/24 04:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerstl\Anwendungsdaten\TuneUp Software
[2008/02/24 11:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerstl\Anwendungsdaten\Zeon
[2008/06/10 03:03:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hekate.ERTLO\Anwendungsdaten\Windows Desktop Search
[2011/09/09 06:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hekate.TBERTL\Anwendungsdaten\Canon Easy-WebPrint EX
[2011/01/09 08:28:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hekate.TBERTL\Anwendungsdaten\Windows Desktop Search
[2011/01/09 08:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hekate\Anwendungsdaten\Windows Desktop Search
[2008/02/24 04:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2008/02/24 11:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2009/02/07 05:44:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/06/17 04:51:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2012/05/22 02:17:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2012/05/22 02:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2012/05/22 02:17:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu
[2008/02/23 10:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Network Associates
[2008/04/16 04:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2008/10/06 05:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SQL Anywhere 10
[2012/05/22 02:17:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SQL Anywhere 12
[2008/02/24 04:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\SichDienstag.bat:SummaryInformation
< End of report >
und jetzt die Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 5/26/2012 4:58:21 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.78 Gb Total Space | 24.86 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive D: | 121.10 Gb Total Space | 119.99 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ELBA5\jre\bin\javaw.exe" = C:\Programme\ELBA5\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\ELBA5\db\sybase\dbeng8.exe" = C:\Programme\ELBA5\db\sybase\dbeng8.exe:*:Enabled:Adaptive Server Anywhere Database Engine
"C:\Programme\RealVNC\VNC4\vncviewer.exe" = C:\Programme\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003C5074-EB37-4A75-AC4B-F5394E08B4DD}" = McAfee VirusScan Enterprise
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{492BBE30-E09E-4663-825D-A20DFC45CA1E}" = hpg2710QFolder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-6001-0407-0002-0060B0CE6BBA}" = AutoCAD 2008 - Deutsch
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{71E42058-1C26-4B3B-ACEE-9583AD5F20B8}" = ACDSee Pro
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B44FB39F-E686-47E9-AF4B-CA86331AAAA5}" = PowerQuest DeployCenter 5.0
"{B7908330-93A8-4DB1-B6EE-6B0446E26939}" = Voice Tracer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7A1F61-1463-439E-82B4-A68B83DEC042}" = ScanSoft OmniPage 15
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}" = PowerQuest PartitionMagic Pro 7.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F370BB9F-704A-4886-807B-F6CA31AF8D38}" = hpg2710
"{F4158BB4-98FA-4ad5-A0FE-3913A0714A44}" = HP Scanjet G2710 9.0
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"ABK-DN Datenträger B2063 auspreisen" = ABK-DN Datenträger B2063 auspreisen
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AutoCAD 2008 - Deutsch" = AutoCAD 2008 - Deutsch
"Canon iP4600 series Benutzerregistrierung" = Canon iP4600 series Benutzerregistrierung
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ELBA5 (C:_Programme_ELBA5)" = ELBA5 (C:\Programme\ELBA5)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDFCreator Toolbar" = PDFCreator Toolbar
"RealVNC_is1" = VNC Free Edition 4.1.2
"Totalcmd" = Total Commander (Remove or Repair)
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
 
< End of report >

 

Themen zu AKM-Trojaner, OTLPE
akm trojaner win xp, alternate, benutzerregistrierung, board, canon, disabletaskmgr, document, gen, gescannt, gestartet, infiziert, log, microsoft office word, oltpenet, otlpe, plug-in, sende, sp3, total commander, winxp


« TR/VB.AQT, TR/VB.aqt.58. CTFMon.exe in Recycled | Dateien unbrauchbar »


Ähnliche Themen: AKM-Trojaner, OTLPE


  1. OTLPE Scan gemacht, was nun? (AKM-Trojaner?)
    Log-Analyse und Auswertung - 08.02.2015 (15)
  2. BKA Trojaner OTLPE File
    Plagegeister aller Art und deren Bekämpfung - 10.05.2014 (8)
  3. Trojaner Bundespolizei und OTLPE
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (11)
  4. BKA Trojaner: Otlpe fix.txt
    Log-Analyse und Auswertung - 09.04.2013 (8)
  5. Interpretation des Log-Files von OTLPE - GVU-Trojaner
    Log-Analyse und Auswertung - 31.01.2013 (11)
  6. Suisa Trojaner - OTLPE-Auswertung
    Log-Analyse und Auswertung - 01.10.2012 (24)
  7. OTLpe-fix für Trojaner, vermutlich Apple_Store.exe
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (5)
  8. GVU Trojaner, OTLPE von Cd
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (17)
  9. (2x) GVU Trojaner, OTLPE von Cd
    Mülltonne - 26.03.2012 (3)
  10. GEMA-Trojaner, Hilfe mit OTLPE
    Log-Analyse und Auswertung - 07.03.2012 (42)
  11. BKA Trojaner - letzte Möglichkeit OTLPE?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (1)
  12. BKA Trojaner mit OTLPE entfernen/OTL.txt im Anhang
    Log-Analyse und Auswertung - 17.09.2011 (1)
  13. BKA-Trojaner - mit OTLPE von CD gebootet - was nun?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2011 (19)
  14. BKA Trojaner (jashla): Fix für OTLPE benötigt
    Log-Analyse und Auswertung - 22.08.2011 (14)
  15. BKA-Trojaner - Probleme mit OTLPE
    Plagegeister aller Art und deren Bekämpfung - 08.08.2011 (4)
  16. OTLPE log bei BKA-Trojaner
    Log-Analyse und Auswertung - 15.07.2011 (7)
  17. BKA-Trojaner OTLPE-Log-Auswertung
    Log-Analyse und Auswertung - 03.07.2011 (37)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AKM-Trojaner, OTLPE - Hallo! Ich bitte um Hilfe PC (mit WinXP SP3) ist offensichtlich mit AKM-Trojaner infiziert, habe ihn mit OLTPE gestartet und gescannt (Super-Anleitungen im Board, Danke!), sende das LOG und bitte - AKM-Trojaner, OTLPE...
Archiv
Du betrachtest: AKM-Trojaner, OTLPE auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131