Log Analysis and Evaluation: Win XP Bundestrojaner, Safe Mode not possible

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Win XP Bundestrojaner, Safe Mode not possible

Hello everyone, I have an old Windows XP computer of my aunt's here that the Bundestrojaner has hit. I hope you can help me; the computer boots neither normally nor in Safe Mode. Up front: I am aware that both the hardware and the operating system of this machine are outdated and that Windows XP will no longer be supported from 2014. However, I doubt I could get a newer operating system running properly on this computer, and my aunt does not have the money for new hardware. So this will have to do for now; I still hope for your help. First I had the log files created with OTLPE, and here is the result:

Result of OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 12/10/2013 6:36:57 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.05 Gb Total Space | 120.66 Gb Free Space | 80.95% Space Free | Partition Type: NTFS
Drive D: | 276.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/12/07 18:57:09 | 000,208,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\rbdcl7jz.jss -- (winmgmt)
SRV - [2013/11/25 13:10:14 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/11/25 13:09:45 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/25 20:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/06 13:32:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/06/23 07:57:44 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/25 09:30:00 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/12/11 17:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/05/11 12:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/30 07:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 07:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/05/14 10:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 11:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/05/24 11:22:16 | 002,027,520 | ---- | M] (Borland Software Corporation) [On_Demand] -- C:\Programme\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db)
SRV - [2005/05/24 11:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto] -- C:\Programme\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db)
SRV - [2004/10/21 20:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (pccsmcfd)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (A4S2600)
DRV - [2013/12/05 05:01:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/11/25 13:10:19 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/11/25 13:10:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/03/07 10:31:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/08/11 00:46:46 | 000,606,440 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/14 00:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/11/19 10:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 10:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 10:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/04/13 18:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/05 00:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/01 05:06:38 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/06/28 03:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/16 03:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2003/10/02 09:47:14 | 000,666,624 | R--- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Toni_*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Toni_*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/09/08 10:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/10/11 11:46:58 | 000,000,000 | ---D | M]

[2013/12/06 10:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/09/08 10:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/08 10:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/12/06 10:28:23 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/06 10:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013/12/06 10:28:19 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013/12/06 10:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013/12/06 10:46:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/06 10:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\browser\extensions
[2013/12/06 10:47:06 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/06 10:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\distribution\extensions
[2013/12/06 10:46:55 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\updated\distribution\extensions\toolbar@gmx.net
[2009/06/25 07:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2013/09/26 13:00:39 | 000,208,760 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\mozilla firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2001/08/18 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Toni_*****_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Toni_*****_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Toni_*****_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Toni_*****_ON_C..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\Toni_*****_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Toni_*****_ON_C..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIIKE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Toni *****\Startmenü\Programme\Autostart\zj7lcdbr.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\hawlett packard\hp.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Toni_*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Toni_*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\Toni_*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\hawlett packard\hp.exe
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344613784578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/15 12:27:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/21 04:00:00 | 000,000,033 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/12/09 11:37:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Toni *****\Recent
[2013/12/07 18:57:09 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rbdcl7jz.jss
[2013/11/18 13:05:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/09 12:26:46 | 000,000,627 | ---- | M] () -- C:\remove_bundestrojaner.vbs
[2013/12/09 12:26:46 | 000,000,627 | ---- | M] () -- C:\Dokumente und Einstellungen\Toni *****\Desktop\remove_bundestrojaner.vbs
[2013/12/09 11:37:54 | 095,025,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.fee
[2013/12/09 11:37:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.odd
[2013/12/09 11:37:45 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job
[2013/12/09 11:37:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/09 11:37:31 | 3354,710,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/09 10:39:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41142443-23D5-414F-B29A-8BD43C632627}.job
[2013/12/08 04:29:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/07 18:58:45 | 000,000,393 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.reg
[2013/12/07 18:57:14 | 000,000,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Toni *****\Startmenü\Programme\Autostart\zj7lcdbr.lnk
[2013/12/07 18:57:09 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rbdcl7jz.jss
[2013/12/07 18:45:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/06 10:28:29 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/06 10:28:29 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013/12/06 10:28:29 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/05 05:01:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/11/25 13:10:19 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/11/25 13:10:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/11/18 13:05:45 | 000,001,745 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/11/18 13:05:45 | 000,001,739 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2013/11/18 13:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2013/11/18 13:05:42 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/09 12:28:57 | 000,000,627 | ---- | C] () -- C:\remove_bundestrojaner.vbs
[2013/12/09 12:26:46 | 000,000,627 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Desktop\remove_bundestrojaner.vbs
[2013/12/09 11:37:31 | 3354,710,016 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/07 18:58:45 | 000,000,393 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.reg
[2013/12/07 18:57:14 | 000,000,800 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Toni *****\Startmenü\Programme\Autostart\zj7lcdbr.lnk [2013/12/07 18:57:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.odd [2013/12/07 18:57:10 | 095,025,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zj7lcdbr.fee [2013/12/06 10:28:29 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/06/23 10:52:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012/08/10 10:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2011/02/05 05:51:29 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2010/10/18 08:38:06 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin [2010/10/06 04:36:34 | 001,273,872 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010/04/24 08:37:55 | 000,045,843 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2010/04/19 07:23:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SCANFX.INI [2010/03/13 10:29:18 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2010/03/12 13:48:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/01/05 10:06:22 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/17 12:19:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI [2009/12/13 07:07:22 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2009/11/24 05:30:31 | 000,038,429 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2009/11/24 05:29:44 | 000,012,947 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Microsoft Access.CAL [2009/11/24 05:27:03 | 000,038,433 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni 
*****\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR [2009/11/24 05:26:31 | 000,012,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL [2009/11/18 09:07:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/11/16 05:17:06 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL [2009/11/16 05:17:06 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL [2009/11/16 05:17:06 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL [2009/11/16 05:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mailmark.ini [2009/11/16 05:16:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\watch.ini [2009/11/16 05:16:27 | 000,001,901 | ---- | C] () -- C:\WINDOWS\ATM.INI [2009/11/16 05:16:27 | 000,001,716 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI [2009/11/16 05:16:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI [2009/11/16 05:16:25 | 000,000,587 | ---- | C] () -- C:\WINDOWS\moffice.ini [2009/11/15 16:49:06 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/11/15 15:08:38 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/11/15 14:57:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009/11/15 14:55:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\atiiprxx.exe [2009/11/15 14:55:52 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/11/15 14:55:52 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/11/15 14:55:52 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/11/15 14:55:52 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/11/15 14:55:52 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini [2009/11/15 14:55:46 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe [2009/11/15 13:56:42 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2009/11/15 13:40:16 | 000,007,680 | ---- | C] () -- 
C:\WINDOWS\System32\CNMVS61.DLL [2009/11/15 13:12:12 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009/11/15 13:12:12 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/11/15 13:07:20 | 000,004,986 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/11/15 13:07:17 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/11/15 12:41:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2009/11/15 12:39:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2009/11/15 12:29:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/11/15 12:25:38 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/11/15 12:20:21 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/11/15 12:19:34 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005/04/07 21:16:43 | 000,010,927 | -H-- | C] () -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\logs.dat [2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/07/25 07:32:18 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll [2003/02/20 08:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/18 07:00:00 | 000,453,426 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001/08/18 07:00:00 | 000,436,340 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/18 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/18 07:00:00 | 000,081,804 | ---- | C] () -- 
C:\WINDOWS\System32\perfc007.dat [2001/08/18 07:00:00 | 000,068,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/18 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2013/03/07 10:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\BabylonToolbar [2009/11/15 15:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2010/11/18 11:27:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\.# [2012/03/04 13:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Babylon [2013/03/11 17:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\CallingID [2012/11/09 11:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Canon [2013/06/23 09:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Epson [2011/01/24 06:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\GetRightToGo [2010/02/02 05:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Haufe [2011/02/23 03:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Haufe Mediengruppe [2010/02/02 04:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Lexware [2010/11/04 08:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Nokia [2010/10/31 06:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni 
*****\Anwendungsdaten\Nokia Ovi Suite [2011/04/14 14:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Notepad++ [2012/03/04 13:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\OpenOffice.org [2009/12/27 16:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\PC Suite [2010/10/11 06:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\T-Online [2009/12/13 06:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\TeamViewer [2010/12/05 14:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Toaw [2009/11/15 14:02:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\TuneUp Software [2010/12/06 14:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Toni *****\Anwendungsdaten\Urxu [2012/03/04 13:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2010/02/02 04:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2010/04/18 15:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2013/07/21 10:34:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2010/02/02 04:01:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2010/05/08 08:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2013/04/16 03:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010/02/02 04:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2010/01/02 10:10:17 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\Nokia [2010/10/31 06:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010/10/31 10:06:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic [2010/01/02 09:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010/10/06 04:38:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2012/06/25 09:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2013/06/23 08:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2013/04/16 03:59:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009/11/15 14:01:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2013/12/09 11:37:45 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job [2013/12/09 10:39:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{41142443-23D5-414F-B29A-8BD43C632627}.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/24 13:11:36 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\蕜쪋哜6 [2013/11/24 13:11:36 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\蕜쪋哜6 [2013/11/23 13:49:29 | 105,869,762 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嘢츁哜6 [2013/11/23 13:49:29 | 105,869,762 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嘢츁哜6 [2013/11/22 14:56:09 | 105,774,717 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\訢�哜6 [2013/11/22 08:56:38 | 105,774,717 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\訢�哜6 [2013/11/21 12:03:16 | 105,531,440 | 
---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\둱哜6 [2013/11/21 12:03:16 | 105,531,440 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\둱哜6 [2013/11/20 13:05:36 | 105,361,780 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\蓍࿄哜6 [2013/11/20 13:05:36 | 105,361,780 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\蓍࿄哜6 [2013/11/19 14:14:54 | 105,225,210 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᘫ�哜6 [2013/11/19 14:14:54 | 105,225,210 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᘫ�哜6 [2013/11/18 13:09:30 | 104,986,035 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\秫愯哜6 [2013/11/18 07:09:27 | 104,986,035 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\秫愯哜6 [2013/11/17 16:56:06 | 104,760,117 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\觥濚哜6 [2013/11/17 06:00:47 | 104,760,117 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\觥濚哜6 [2013/11/16 10:41:24 | 104,559,818 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\爾Ῥ哜6 [2013/11/16 04:41:07 | 104,559,818 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\爾Ῥ哜6 [2013/11/15 10:05:46 | 104,401,821 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᨦ哜6 [2013/11/15 04:05:42 | 104,401,821 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᨦ哜6 [2013/11/14 12:04:22 | 104,278,918 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ԛ醨哜6 [2013/11/14 12:04:22 | 104,278,918 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ԛ醨哜6 [2013/11/13 11:29:02 | 104,105,331 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\钾哜6 [2013/11/13 11:29:02 | 104,105,331 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\钾哜6 [2013/11/12 13:41:34 | 103,974,937 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\襌罍哜6 [2013/11/12 13:41:34 | 103,974,937 | ---- | C] 
()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\襌罍哜6 [2013/11/11 10:09:50 | 103,716,811 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\牚遁哜6 [2013/11/11 10:09:50 | 103,716,811 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\牚遁哜6 [2013/11/10 12:34:29 | 103,551,423 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\걮哜6 [2013/11/10 12:34:29 | 103,551,423 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\걮哜6 [2013/11/09 14:37:54 | 103,387,443 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\יִﱬ哜6 [2013/11/09 08:37:49 | 103,387,443 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\יִﱬ哜6 [2013/11/08 15:00:40 | 103,316,092 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\逿�哜6 [2013/11/08 09:00:38 | 103,316,092 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\逿�哜6 [2013/11/07 11:09:21 | 102,946,670 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䧗ꀼ哜6 [2013/11/07 11:09:21 | 102,946,670 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䧗ꀼ哜6 [2013/11/06 15:27:59 | 102,844,835 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\璽៱哜6 [2013/11/06 09:28:01 | 102,844,835 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\璽៱哜6 [2013/11/05 15:11:39 | 105,085,299 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撱鑸哜6 [2013/11/05 15:11:39 | 105,085,299 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撱鑸哜6 [2013/11/04 14:45:49 | 104,964,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㗭ﭑ哜6 [2013/11/04 08:45:51 | 104,964,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㗭ﭑ哜6 [2013/11/03 12:10:15 | 104,814,100 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\馌죹哜6 [2013/11/03 06:10:06 | 104,814,100 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\馌죹哜6 [2013/11/02 07:42:50 | 104,620,600 | ---- | M] 
()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㿅즜哜6 [2013/11/02 07:42:50 | 104,620,600 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㿅즜哜6 [2013/11/01 14:30:21 | 104,569,497 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\陴㩯哜6 [2013/11/01 14:30:21 | 104,569,497 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\陴㩯哜6 [2013/10/31 12:28:45 | 104,433,978 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/31 12:28:45 | 104,433,978 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/30 16:25:54 | 104,229,082 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\钃쇄哜6 [2013/10/30 16:25:54 | 104,229,082 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\钃쇄哜6 [2013/10/30 09:38:56 | 104,158,698 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\퐎㦶哜6 [2013/10/30 09:38:56 | 104,158,698 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\퐎㦶哜6 [2013/10/29 13:14:59 | 103,932,228 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⓽哜6 [2013/10/29 13:14:59 | 103,932,228 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⓽哜6 [2013/10/28 17:30:27 | 103,792,972 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ዸ殈哜6 [2013/10/28 11:30:55 | 103,792,972 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ዸ殈哜6 [2013/10/27 12:09:39 | 103,533,600 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⥡磓哜6 [2013/10/27 12:09:39 | 103,533,600 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⥡磓哜6 [2013/10/26 10:28:52 | 103,108,672 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뎰䵰哜6 [2013/10/26 10:28:52 | 103,108,672 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뎰䵰哜6 [2013/10/25 14:57:35 | 103,054,676 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\沆哜6 [2013/10/25 14:57:35 | 103,054,676 | ---- | C] ()(C:\WINDOWS\System32\???6) 
-- C:\WINDOWS\System32\沆哜6 [2013/10/25 02:57:24 | 102,895,398 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\釁哜6 [2013/10/25 02:57:24 | 102,895,398 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\釁哜6 [2013/10/24 14:08:46 | 102,837,954 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\풔飥哜6 [2013/10/24 14:08:46 | 102,837,954 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\풔飥哜6 [2013/10/23 12:08:23 | 102,659,493 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/23 12:08:23 | 102,659,493 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/22 10:56:20 | 102,329,055 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䧴ῗ哜6 [2013/10/22 10:56:20 | 102,329,055 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䧴ῗ哜6 [2013/10/21 11:50:41 | 102,171,793 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鶪哜6 [2013/10/21 11:50:41 | 102,171,793 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鶪哜6 [2013/10/20 09:19:50 | 102,068,998 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\魟镘哜6 [2013/10/20 09:19:50 | 102,068,998 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\魟镘哜6 [2013/10/19 15:48:21 | 101,983,560 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/19 15:48:21 | 101,983,560 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/19 04:18:07 | 101,916,422 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�汴哜6 [2013/10/19 04:18:07 | 101,916,422 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�汴哜6 [2013/10/18 20:10:06 | 101,890,677 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\엑ྥ哜6 [2013/10/18 14:10:19 | 101,890,677 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\엑ྥ哜6 [2013/10/17 13:05:43 | 101,604,844 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\엛䎨哜6 
[2013/10/17 13:05:43 | 101,604,844 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\엛䎨哜6 [2013/10/16 18:25:12 | 101,413,064 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/16 12:25:13 | 101,413,064 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\哜6 [2013/10/15 09:27:55 | 101,148,298 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\瀥쵃哜6 [2013/10/15 09:27:55 | 101,148,298 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\瀥쵃哜6 [2013/10/14 13:31:31 | 100,975,419 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\죹쮉哜6 [2013/10/14 13:31:31 | 100,975,419 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\죹쮉哜6 [2013/10/13 10:03:03 | 100,742,045 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\瘺哜6 [2013/10/13 05:00:47 | 100,742,045 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\瘺哜6 [2013/10/12 06:12:14 | 100,615,351 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\磐哜6 [2013/10/12 06:12:14 | 100,615,351 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\磐哜6 [2013/10/11 11:45:41 | 100,511,085 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶰排哜6 [2013/10/11 11:45:41 | 100,511,085 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶰排哜6 [2013/10/10 11:53:19 | 100,305,510 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\얒癴哜6 [2013/10/10 11:53:19 | 100,305,510 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\얒癴哜6 [2013/10/09 10:50:02 | 100,163,860 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꁭ哜6 [2013/10/09 10:50:02 | 100,163,860 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꁭ哜6 [2013/10/08 09:03:10 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\璉섆哜6 [2013/10/08 09:03:10 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\璉섆哜6 [2013/10/06 13:17:25 | 
099,477,982 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䄢囜哜6 [2013/10/06 13:17:25 | 099,477,982 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䄢囜哜6 [2013/10/05 11:03:47 | 099,386,337 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\拟᧦哜6 [2013/10/05 05:03:37 | 099,386,337 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\拟᧦哜6 [2013/10/04 15:58:35 | 099,317,904 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\봼얶哜6 [2013/10/04 09:58:32 | 099,317,904 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\봼얶哜6 [2013/10/03 15:23:18 | 099,160,839 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\窣᪅哜6 [2013/10/03 09:23:20 | 099,160,839 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\窣᪅哜6 [2013/10/02 08:33:38 | 098,743,931 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뉾ᩬ哜6 [2013/10/02 08:33:38 | 098,743,931 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뉾ᩬ哜6 [2013/10/01 10:29:39 | 098,609,570 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\疜ᘙ哜6 [2013/10/01 10:29:39 | 098,609,570 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\疜ᘙ哜6 [2013/09/30 14:51:55 | 098,541,442 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\문皚哜6 [2013/09/30 08:51:52 | 098,541,442 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\문皚哜6 [2013/09/29 15:16:07 | 098,466,785 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᆴ顩哜6 [2013/09/29 09:16:05 | 098,466,785 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᆴ顩哜6 [2013/09/28 13:39:34 | 098,442,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꭢ䤋哜6 [2013/09/28 07:39:29 | 098,442,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꭢ䤋哜6 [2013/09/27 11:22:23 | 098,267,320 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㴕Ϋ哜6 [2013/09/27 11:22:23 | 098,267,320 | ---- | C] 
()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㴕Ϋ哜6 [2013/09/26 16:49:17 | 098,009,570 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\芆샣哜6 [2013/09/26 10:50:09 | 098,009,570 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\芆샣哜6 [2013/09/25 07:44:36 | 097,729,025 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ɐ哜6 [2013/09/25 07:44:36 | 097,729,025 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ɐ哜6 [2013/09/24 14:03:27 | 097,540,783 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\걠䍄哜6 [2013/09/24 08:03:29 | 097,540,783 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\걠䍄哜6 [2013/09/23 11:11:57 | 098,674,763 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\콈䣨哜6 [2013/09/23 11:11:57 | 098,674,763 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\콈䣨哜6 [2013/09/21 08:52:43 | 098,547,399 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쭸풨哜6 [2013/09/21 02:52:45 | 098,547,399 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쭸풨哜6 [2013/09/20 14:09:50 | 098,487,876 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䄯哜6 [2013/09/20 08:09:53 | 098,487,876 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䄯哜6 [2013/09/19 17:11:58 | 098,428,185 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䡉ﺛ哜6 [2013/09/19 11:12:00 | 098,428,185 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䡉ﺛ哜6 [2013/09/18 10:17:35 | 098,159,724 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⎿衽哜6 [2013/09/18 10:17:35 | 098,159,724 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⎿衽哜6 [2013/09/17 11:47:21 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쯐ൠ哜6 [2013/09/17 11:47:21 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쯐ൠ哜6 [2013/09/16 13:55:28 | 097,845,400 | ---- | M] 
()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\欅븠哜6
[2013/09/16 07:55:23 | 097,845,400 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\欅븠哜6
[2013/09/15 13:31:38 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\甆泔哜6
[2013/09/15 13:31:38 | 097,671,483 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\甆泔哜6
[2013/09/14 10:31:08 | 097,581,476 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\曵裼哜6
[2013/09/14 10:31:08 | 097,581,476 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\曵裼哜6
[2013/09/13 13:08:07 | 097,503,480 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\彺㐅哜6
[2013/09/13 13:08:07 | 097,503,480 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\彺㐅哜6
[2013/09/11 10:10:11 | 097,124,766 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\管⟨哜6
[2013/09/11 10:10:11 | 097,124,766 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\管⟨哜6
[2013/09/10 13:52:44 | 096,985,259 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\წͽ哜6
[2013/09/10 07:52:37 | 096,985,259 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\წͽ哜6
[2013/09/09 11:37:34 | 096,732,368 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\넧�哜6
[2013/09/09 11:37:34 | 096,732,368 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\넧�哜6
[2013/09/08 08:54:53 | 096,566,691 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\돟퍷哜6
[2013/09/08 08:54:53 | 096,566,691 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\돟퍷哜6
[2013/09/08 03:10:32 | 096,533,415 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\壥ጆ哜6
[2013/09/08 03:10:32 | 096,533,415 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\壥ጆ哜6
[2013/09/07 07:32:23 | 096,511,910 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㧰狀哜6
[2013/09/07 07:32:23 | 096,511,910 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㧰狀哜6
[2013/09/06 13:28:31 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\≆삸哜6
[2013/09/06 13:28:31 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\≆삸哜6

< End of report >

And here is the result of the Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 12/10/2013 6:36:57 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149.05 Gb Total Space | 120.66 Gb Free Space | 80.95% Space Free | Partition Type: NTFS
Drive D: | 276.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira Operations GmbH & Co. KG)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"E:\Network\EpsonNetSetup\ENEasyApp.exe" = E:\Network\EpsonNetSetup\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\EPSON Software\Event Manager\EEventManager.exe" = C:\Programme\EPSON Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2714BAE0-3EFC-48DF-BE2A-5943DE447C7E}" = Kuwett
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}" = Manual CanoScan LiDE 35
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B301D874-D775-4F09-A916-C70D42026AAD}" = Kuras
"{B398C579-6578-4A6A-AE55-310D7C1A80B6}" = phase6
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.2.7
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"EPSON XP-302 303 305 306 Series" = Druckerdeinstallation für EPSON XP-302 303 305 306 Series
"EPSON XP-302 303 305 306 Series Bog" = Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series
"EPSON XP-302 303 305 306 Series Netg" = Netzwerkhandbuch EPSON XP-302 303 305 306 Series
"EPSON XP-302 303 305 306 Series Useg" = Benutzerhandbuch EPSON XP-302 303 305 306 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter
"InterBase 7.5 Desktop" = InterBase 7.5 Desktop
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiRes (remove only)" = MultiRes (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Skat 2095 Special Edition V2.0_is1" = Skat 2095 Special Edition V2.0
"TuneUp Utilities" = TuneUp Utilities
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Workflow Foundation" = Windows Workflow Foundation
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

< End of report >

Many thanks in advance, and I hope for a quick reply.
Regards

//EDIT: I forgot to mention that I still had an old Windows Live CD and used it to try whether the Bundestrojaner can be found with the well-known methods (checking the Winlogon/Shell entry in the registry, etc.). No success. A colleague had also given me a small VBS script that had once helped him, but a quick look at the code already showed that it only checks the registry entry mentioned above -> so it is useless (it does show up in the logs, though, so don't be surprised!).

Last edited by R3loaD (10.12.2013 at 19:17)
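Added example, not part of the original post and not OTL's own code: a small Python triage script for the kind of Extras.txt report posted above. It splits the report into its "==========" sections, parses the XP firewall GloballyOpenPorts values (format port:proto:scope:state:description), the Security Center flags and the Shell Spawning handlers, and returns the items a responder would check first. Run against the lines of the posted log it flags 3389/TCP (Remote Desktop) enabled for any remote address (scope "*") in both the Domain and the Standard profile, "UpdatesDisableNotify" = 1, and the http/https/regfile/txtfile handlers that OTL reported as "Reg Error: Key error.". The sample text is constructed from the posted lines; which settings count as findings is this example's own assumption, and a "Key error" only says OTL could not read that handler (the key may simply be absent), so it is a check item, not proof of tampering.

```python
"""OTL Extras.txt triage (added example; SAMPLE is built from the posted log)."""
import re
from typing import Dict, List, NamedTuple

SECTION_RE = re.compile(r"^========== (?P<name>.+?) ==========$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
# XP firewall GloballyOpenPorts values read  port:proto:scope:state:description
PORT_RULE_RE = re.compile(
    r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):")
SHELL_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")

# Constructed sample: the relevant lines of the posted Extras.txt, verbatim.
SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"""


class PortRule(NamedTuple):
    profile: str   # DomainProfile / StandardProfile, taken from the enclosing key
    port: int
    proto: str
    scope: str     # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '========== Name ==========' header to the non-empty lines below it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_port_rules(text: str) -> List[PortRule]:
    """GloballyOpenPorts entries, each tagged with the firewall profile of its key."""
    rules: List[PortRule] = []
    profile = "?"
    for line in split_sections(text).get("Firewall Settings", []):
        k = KEY_RE.match(line)
        if k:
            pm = re.search(r"FirewallPolicy\\(\w+Profile)", k.group("key"))
            profile = pm.group(1) if pm else "?"
            continue
        v = VALUE_RE.match(line)
        r = PORT_RULE_RE.match(v.group("value")) if v else None
        if r:
            rules.append(PortRule(profile, int(r.group("port")), r.group("proto"),
                                  r.group("scope"), r.group("state") == "Enabled"))
    return rules


def security_center(text: str) -> Dict[str, str]:
    """'Name' = value pairs of the Security Center section (names are unique there)."""
    lines = split_sections(text).get("Security Center Settings", [])
    matches = (VALUE_RE.match(line) for line in lines)
    return {m.group("name"): m.group("value") for m in matches if m}


def broken_shell_handlers(text: str) -> List[str]:
    """Handlers whose command OTL could not read (missing key or tampered association)."""
    out: List[str] = []
    for line in split_sections(text).get("Shell Spawning", []):
        s = SHELL_RE.match(line)
        if s and s.group("cmd").startswith("Reg Error"):
            out.append(f"{s.group('cls')} [{s.group('verb')}]")
    return out


def triage(text: str) -> List[str]:
    """Human-readable findings; which settings get flagged is this example's assumption."""
    findings = [f"firewall/{r.profile}: {r.port}/{r.proto} open to any remote address"
                for r in parse_port_rules(text) if r.enabled and r.scope == "*"]
    for name, value in security_center(text).items():
        if name.endswith("DisableNotify") and value == "1":
            findings.append(f"security center: {name} = 1 (warning suppressed)")
    broken = broken_shell_handlers(text)
    if broken:
        findings.append("shell spawning: unreadable handlers: " + ", ".join(broken))
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

To use it on a real report, read the whole Extras.txt into a string and pass it to triage(); the section headers OTL writes are the only structure the parser relies on, so the rest of the report (uninstall lists, authorized applications) is ignored. The profile tag matters: the same 3389/TCP rule appears under both DomainProfile and StandardProfile in the posted log, and only a rule in the profile the machine actually uses is reachable from the network.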