Pests of all kinds and how to fight them: Swiss Confederation Trojan

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Swiss Confederation Trojan

Hello dear team! When I start the laptop, a white screen appears with a text from the Swiss Confederation saying that I should pay 100 CHF via PayPal :/ . I have now run the scan with OTL and am posting the otl.txt below. Hoping for a reply, kind regards, Bernf

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12/2/2012 6:46:10 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48.83 Gb Total Space | 32.48 Gb Free Space | 66.51% Space Free | Partition Type: NTFS Drive D: | 184.05 Gb Total Space | 161.98 Gb Free Space | 88.01% Space Free | Partition Type: NTFS Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 7.47 Gb Total Space | 6.68 Gb Free Space | 89.39% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/04/24 13:58:08 | 000,919,824 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2012/04/24 12:55:46 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2012/04/24 12:32:50 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2011/06/28 07:00:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir 
Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/29 12:37:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/06/03 10:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto] -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2008/04/18 08:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R) SRV - [2007/12/11 06:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/01/31 07:03:32 | 000,159,744 | ---- | M] (Sage Sesam Ltd) [Auto] -- C:\Programme\Sesam\Security\SPISLMGR.exe -- (SESAM Licence Manager) SRV - [2005/01/31 07:03:18 | 000,208,896 | ---- | M] (Sage Sesam Ltd) [Auto] -- C:\Programme\Sesam\Servers\LicSrv.exe -- (SESAM Licence Server) SRV - [2004/05/28 03:30:32 | 000,376,832 | ---- | M] (Sage Sesam Ltd) [Auto] -- C:\Programme\Sesam\Servers\UsrMgmS.exe -- (SESAM User Management Server) SRV - [2004/03/03 13:26:58 | 000,069,632 | ---- | M] (Sage Sesam Ltd) [Auto] -- C:\Programme\Sesam\Security\SvcCtrl.exe -- (SESAM Service Agent) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found 
[Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/01/23 07:33:50 | 007,477,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R) DRV - [2011/06/28 07:00:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/28 07:00:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/03/12 11:57:59 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010/06/17 08:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 08:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010/06/14 03:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010/05/19 15:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2010/04/26 21:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010/04/26 21:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2010/04/26 21:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2010/03/01 
08:56:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2010/02/25 08:19:24 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2010/02/25 08:19:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009/05/30 18:41:26 | 000,209,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM) DRV - [2008/07/23 05:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008/04/28 00:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/04/10 11:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008/03/31 11:04:30 | 000,023,040 | R--- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008/03/31 11:04:30 | 000,017,664 | R--- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008/03/28 05:14:02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO) DRV - [2008/02/29 10:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/06/20 22:40:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2003/06/18 11:10:06 | 000,013,056 | R--- | M] (C Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MyPenPro.sys -- (MyPenPro) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\wolfe_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\wolfe_ON_C\Software\Microsoft\Windows\CurrentV ersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpda te3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpda te3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\wolfe\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21 .123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\wolfe\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21 .123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/06/28 07:28:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/28 07:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\mozilla\Extens ions [2011/06/28 07:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011/10/10 05:51:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011/01/18 06:58:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/15 23:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - 
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\wolfe_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.ex e (ActivIdentity) O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.ex e (ActivIdentity) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\wolfe_ON_C..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MyPen Pro.lnk = C:\Programme\C-CHANNEL\MyPen Pro\MyPenPro.exe (C Technologies AB (publ)) O4 - Startup: C:\Dokumente und Einstellungen\wolfe\Startmenü\Programme\Autostart\ Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe () O4 - Startup: C:\Dokumente und Einstellungen\wolfe\Startmenü\Programme\Autostart\ Sage Sesam Service Monitor.lnk = C:\Programme\Sesam\Servers\LicMon.exe (Sage Sesam Ltd) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\C urrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows \CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\wolfe_ON_C\SOFTWARE\Microsoft\Windows\CurrentV ersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsu...?1295350956187 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\wolfe_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\wolfe_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\skype.dat () O20 - Winlogon\Notify\ackpbsc: DllName - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity) O20 - Winlogon\Notify\acunlock: DllName - C:\Programme\ActivIdentity\ActivClient\acunlock.dl l - C:\Programme\ActivIdentity\ActivClient\acunlock.dl l (ActivIdentity) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/17 13:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{711dd861-2265-11e0-aa4c-d7ab9600e407}\Shell - "" = AutoRun O33 - MountPoints2\{711dd861-2265-11e0-aa4c-d7ab9600e407}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{711dd861-2265-11e0-aa4c-d7ab9600e407}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{97122c1f-728a-11e0-aa95-002264571579}\Shell - "" = AutoRun O33 - MountPoints2\{97122c1f-728a-11e0-aa95-002264571579}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{97122c1f-728a-11e0-aa95-002264571579}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 08:45:40 | 001,336,632 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012/12/02 18:07:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/24 08:33:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wolfe\Desktop\spanien volleyball [2012/11/14 06:56:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\LocalService\Favoriten [2012/11/14 06:56:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012/11/10 08:46:43 | 000,066,048 | ---- | C] (SEIKO EPSON CORP.) -- C:\Dokumente und Einstellungen\wolfe\easkwtpqpry.exe [2012/11/10 08:46:42 | 000,055,808 | ---- | C] (SEIKO EPSON CORP.) 
-- C:\Dokumente und Einstellungen\wolfe\wbiluarhgrauqrajdycyio.exe [2012/10/31 09:45:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [2011/01/17 17:44:41 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2011/01/17 17:44:37 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2012/12/02 12:24:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/02 12:24:00 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\skype.ini [2012/12/02 12:22:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/12/02 11:06:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/12/02 10:44:02 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-220523388-1801674531-1003UA.job [2012/12/02 10:32:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/11/29 19:46:20 | 000,002,342 | ---- | M] () -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\Microsoft\Inte rnet Explorer\Quick Launch\Google Chrome.lnk [2012/11/29 13:44:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-220523388-1801674531-1003Core.job [2012/11/23 10:45:45 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\wolfe\Desktop\Skype.lnk [2012/11/22 06:23:46 | 000,419,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/11/22 06:23:46 | 000,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/11/22 06:23:46 | 000,076,402 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/11/22 06:23:46 | 000,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/11/18 11:24:26 | 083,023,306 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/11/09 09:32:08 | 000,053,760 | ---- | M] () -- 
C:\Dokumente und Einstellungen\wolfe\0.23424533847462592.exe [2012/11/04 09:39:46 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\wolfe\dildptvfbm.exe [2012/11/04 09:39:46 | 000,089,600 | ---- | M] () -- C:\Dokumente und Einstellungen\wolfe\rojwxdnhuhitlfbrxmht.exe ========== Files Created - No Company Name ========== [2012/11/29 09:48:07 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\skype.ini [2012/11/09 09:32:07 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\0.23424533847462592.exe [2012/11/04 09:39:46 | 000,109,056 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\dildptvfbm.exe [2012/11/04 09:39:45 | 000,089,600 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\rojwxdnhuhitlfbrxmht.exe [2012/11/01 11:35:59 | 000,109,056 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\dtresfflsceez.exe [2012/11/01 11:35:58 | 000,087,040 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\obsnwslxjacspgadmxxzjeiwq.exe [2012/10/31 09:45:47 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012/10/18 10:48:59 | 000,000,230 | ---- | C] () -- C:\WINDOWS\CCPen200.ini [2011/06/28 07:28:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/03/16 05:47:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/03/14 16:34:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2011/03/14 16:34:48 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2011/03/14 16:34:43 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\$_hpcst$.hpc [2011/01/22 10:47:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini [2011/01/22 10:46:36 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll [2011/01/18 13:49:14 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\Lokale 
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/17 17:44:41 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2011/01/17 17:44:41 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2011/01/17 17:44:41 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2011/01/17 17:44:09 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2011/01/17 15:28:29 | 001,991,464 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2011/01/17 15:28:29 | 000,432,400 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2011/01/17 15:28:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2011/01/17 13:03:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/01/17 12:58:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/01/17 12:39:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/01/17 12:38:39 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 06:00:00 | 000,419,554 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 06:00:00 | 000,404,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 06:00:00 | 000,076,647 | ---- | C] () -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\skype.dat [2006/02/28 06:00:00 | 000,076,402 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 06:00:00 | 000,063,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 
06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/28 12:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 12:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2012/08/13 12:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\.jfwupdate [2012/08/13 12:06:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\.Kanton TG [2011/03/12 11:58:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\DAEMON Tools Lite [2011/03/14 16:50:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wolfe\Anwendungsdaten\Samsung [2011/03/13 06:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011/03/14 16:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/01/17 13:00:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/01/17 12:49:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/02/28 06:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2011/01/18 15:31:59 | 000,000,164 | ---- | M] () -- C:\chicony.log [2011/01/17 13:00:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/01/18 15:25:39 | 000,000,161 | ---- | M] () -- C:\esuinst.log [2011/01/18 15:23:05 | 000,000,198 | ---- | M] () -- C:\esu_xpsp2.log [2011/01/18 15:29:56 | 000,064,962 | ---- | M] () -- C:\intel_chipset.log [2011/01/18 
15:30:55 | 000,256,984 | ---- | M] () -- C:\intel_msm.log [2011/01/17 13:00:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/01/17 13:00:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/02/28 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011/01/17 16:18:58 | 000,251,712 | RHS- | M] () -- C:\ntldr [2012/12/02 17:34:42 | 000,055,736 | ---- | M] () -- C:\OTL.Txt [2012/12/02 12:22:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/01/18 15:25:39 | 000,000,227 | ---- | M] () -- C:\sedinst2.log [2011/01/18 15:35:14 | 000,000,087 | ---- | M] () -- C:\setup.log [2011/01/18 15:33:27 | 000,000,187 | ---- | M] () -- C:\syntpad.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2011/01/17 13:00:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006/10/26 13:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr .dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > Invalid Environment Variable: %APPDATA%\Adobe\Update\*.* Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.* Invalid Environment Variable: %APPDATA%\Microsoft\*.* < %PROGRAMFILES%\*.* > Invalid Environment Variable: %APPDATA%\Update\*.* < %systemroot%\*. 
/mp /s > < CREATERESTOREPOINT > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 01:52:10 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2009/03/07 22:39:48 | 011,063,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2009/03/07 22:32:22 | 001,985,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 01:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 01:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2008/04/14 01:52:26 | 008,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2011/01/17 13:37:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011/01/17 13:37:56 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011/01/17 13:37:56 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2008/04/14 01:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008/04/14 01:52:34 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008/04/14 01:52:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2006/02/28 06:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft 
Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: WINLOGON.EXE > [2006/02/28 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Beitrag bearbeiten/löschen |