Trojaner-Board


christoph999 28.02.2013 04:35

GVU Trojan

Hi,

Caught the GVU Trojan on my girlfriend's computer. I'm probably the one to blame, so I'm asking for sympathy and quick help xD. The Trojan also blocks Safe Mode, because the machine shuts down again immediately after Safe Mode starts. I tried to boot from CD with OTLPENet.exe (tip from http://www.trojaner-board.de/129849-...r-starten.html). But when WinXP starts there is a blue screen, and now I can't get an otl.log, which I would have liked to show you already.

Thanks in advance.

cosinus 28.02.2013 09:32

Hello,

Quote:

But when WinXP starts there is a blue screen
Go into your computer's BIOS and switch the disk controller from AHCI to IDE or Compatible. More precise instructions can't be posted, since almost every BIOS looks different. If necessary, check the manual.

To be able to boot the installed Windows again, you of course have to switch back to AHCI.

christoph999 28.02.2013 11:39

Code:

OTL logfile created on: 2/28/2013 11:28:34 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 9.96 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 204.03 Gb Total Space | 164.54 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.45 Gb Free Space | 88.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV:64bit: - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (lxct_device) -- C:\Windows\SysWow64\lxctcoms.exe ( )
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\System32\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\System32\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys ()
DRV:64bit: - (athr) -- C:\Windows\System32\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (CVirtA) -- C:\Windows\System32\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV:64bit: - (Ntfs) -- C:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\System32\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (DNE) -- C:\Windows\System32\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Krissi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Krissi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Krissi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Search Safer"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/02/13 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 04:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/05 14:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\Mozilla\Extensions
[2013/02/17 18:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\extensions
[2011/12/19 05:39:51 | 000,000,933 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\11-suche.xml
[2011/12/19 05:39:51 | 000,002,419 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 05:39:51 | 000,010,525 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\gmx-suche.xml
[2011/12/19 05:39:51 | 000,002,457 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\lastminute.xml
[2012/01/06 18:16:10 | 000,002,203 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\MyStart Search.xml
[2012/09/22 11:01:35 | 000,000,642 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\search-safer.xml
[2012/08/04 16:27:27 | 000,002,062 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\softonic.xml
[2011/12/19 05:39:51 | 000,005,508 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\fgq4qmvl.default\searchplugins\webde-suche.xml
[2013/01/28 05:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2013/02/13 12:37:01 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2013/02/21 04:02:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 19:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/12 09:39:47 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/16 19:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/16 19:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/16 19:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/16 19:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/16 19:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files (x86)\Internet Explorer\IEAddon.dll (APC)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Krissi_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\x64\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\Krissi_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Krissi_ON_C..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Krissi_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Krissi_ON_C Winlogon: Shell - (C:\Users\Krissi\AppData\Roaming\skype.dat) - C:\Users\Krissi\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{64255835-f41e-11e0-86f4-20cf30569eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{64255835-f41e-11e0-86f4-20cf30569eb6}\Shell\AutoRun\command - "" = I:\Launch.exe
O33 - MountPoints2\{8b345790-c44d-11e0-8f28-20cf30569eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{8b345790-c44d-11e0-8f28-20cf30569eb6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 15:06:18 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Gimp Beispiele
[2013/02/26 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\fontconfig
[2013/02/26 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\gegl-0.2
[2013/02/26 14:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/02/26 14:16:57 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Programs
[2013/02/26 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Documents\gegl-0.0
[2013/02/24 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Märzseminar
[2013/02/24 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\Krissi\Desktop\Offene Kinder- und Jugendarbeit
[2013/02/14 11:27:33 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Roaming\Apple Computer
[2013/02/14 11:27:33 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Apple Computer
[2013/02/14 11:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/14 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/14 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/14 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Apple
[2013/02/14 11:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/14 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/14 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/14 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/14 11:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/02/14 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/14 06:43:25 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2013/02/13 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/02/13 12:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/01/29 12:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013/01/29 12:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013/01/29 12:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2011/10/03 09:49:55 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctserv.dll
[2011/10/03 09:49:55 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctusb1.dll
[2011/10/03 09:49:55 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcthbn3.dll
[2011/10/03 09:49:55 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomc.dll
[2011/10/03 09:49:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpmui.dll
[2011/10/03 09:49:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctlmpm.dll
[2011/10/03 09:49:55 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcoms.exe
[2011/10/03 09:49:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomm.dll
[2011/10/03 09:49:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctinpa.dll
[2011/10/03 09:49:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctiesc.dll
[2011/10/03 09:49:55 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctih.exe
[2011/10/03 09:49:55 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcfg.exe
[2011/10/03 09:49:55 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctppls.exe
[2011/10/03 09:49:55 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctprox.dll
[2011/10/03 09:49:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpplc.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Krissi\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Krissi\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Krissi\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Krissi\AppData\Local\bass.dll
[2 C:\Users\Krissi\Desktop\*.tmp files -> C:\Users\Krissi\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/28 04:22:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 04:22:05 | 000,000,004 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\skype.ini
[2013/02/28 04:20:08 | 3018,039,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 20:22:48 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 20:22:48 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 20:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 14:32:49 | 000,007,682 | ---- | M] () -- C:\Users\Krissi\AppData\Local\recently-used.xbel
[2013/02/27 14:00:41 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 14:00:41 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 12:26:21 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/27 12:26:21 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/27 12:26:21 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/27 12:26:21 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/26 14:19:08 | 000,000,894 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/14 11:33:38 | 000,001,472 | ---- | M] () -- C:\Users\Krissi\AppData\Local\RecConfig.xml
[2013/02/14 11:27:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/14 11:26:07 | 000,002,519 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/02/13 12:37:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/01/29 12:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2 C:\Users\Krissi\Desktop\*.tmp files -> C:\Users\Krissi\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/27 20:15:46 | 000,000,004 | ---- | C] () -- C:\Users\Krissi\AppData\Roaming\skype.ini
[2013/02/27 14:32:49 | 000,007,682 | ---- | C] () -- C:\Users\Krissi\AppData\Local\recently-used.xbel
[2013/02/26 14:19:08 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/14 11:33:38 | 000,001,472 | ---- | C] () -- C:\Users\Krissi\AppData\Local\RecConfig.xml
[2013/02/14 11:26:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/11 11:31:02 | 000,000,890 | ---- | C] () -- C:\Users\Krissi\AppData\Roaming\psppirerc
[2012/07/25 08:13:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/25 08:13:23 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/12 14:06:52 | 000,000,017 | ---- | C] () -- C:\Users\Krissi\AppData\Local\resmon.resmoncfg
[2012/05/08 07:20:19 | 000,000,521 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/19 14:22:40 | 000,007,168 | ---- | C] () -- C:\Users\Krissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/10/03 09:49:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCTinst.dll
[2011/08/13 05:17:10 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 07:24:45 | 000,087,040 | -HS- | C] () -- C:\Users\Krissi\AppData\Roaming\skype.dat
[2011/03/09 14:20:38 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/08 09:00:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/08 08:46:15 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/02/09 02:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2010/02/09 02:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/10/25 22:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Krissi\AppData\Local\lame_enc.dll
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Krissi\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Krissi\AppData\Local\ogg.dll
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Krissi\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011/10/03 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\5400 Series
[2012/12/24 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Augentraining 2
[2012/10/12 09:39:38 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Babylon
[2011/08/11 15:48:26 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DAEMON Tools Lite
[2012/05/31 10:16:46 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Downloaded Installations
[2012/12/24 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Dr. Tool Mathe
[2012/11/27 08:29:22 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Dropbox
[2013/02/13 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DVDVideoSoft
[2011/08/07 09:00:44 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/25 09:37:22 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Epson
[2012/05/31 10:20:03 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\FileOpen
[2012/11/27 08:30:18 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\FreeScreenToVideo
[2012/10/21 05:13:37 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Funlinker
[2012/12/24 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Gehirnsport Extra
[2012/11/27 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\GrassGames
[2012/05/22 08:02:45 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\gtk-2.0
[2012/12/13 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\IE Addon
[2012/12/28 04:41:02 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Nitro PDF
[2013/02/13 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\OpenCandy
[2012/03/08 06:16:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\PixelPlanet
[2012/10/27 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\Settlement. Colossus
[2012/01/13 08:49:27 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\SoftGrid Client
[2011/08/13 05:17:51 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\TP
[2012/09/26 16:22:06 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\TuneUp Software
[2013/02/14 11:27:27 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/10/03 09:50:13 | 000,000,000 | ---D | M] -- C:\ProgramData\5400 Series
[2012/10/27 12:43:12 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/06/15 17:49:22 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2012/10/12 09:39:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/07/12 14:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish Games
[2012/09/26 16:21:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011/08/11 15:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/25 09:23:06 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2012/04/14 05:51:45 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy_Rome
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/31 10:20:03 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen
[2011/08/05 08:03:06 | 000,000,000 | ---D | M] -- C:\ProgramData\GoBoingo
[2012/08/04 15:48:59 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallBrainService
[2012/08/04 16:27:40 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2012/04/14 05:51:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2012/05/31 10:19:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2011/08/05 08:26:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2012/03/08 06:14:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PixelPlanet
[2013/01/29 12:54:04 | 000,000,000 | ---D | M] -- C:\ProgramData\PMS
[2012/07/25 08:16:25 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2013/01/08 12:37:55 | 000,000,000 | ---D | M] -- C:\ProgramData\SevenOne
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/10/23 17:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/01/12 10:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/09/26 16:22:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/05/25 09:27:10 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2011/08/14 14:42:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2012/09/26 16:21:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/21 03:58:29 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Code:

OTL Extras logfile created on: 2/28/2013 11:28:34 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 9.96 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 204.03 Gb Total Space | 164.54 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.45 Gb Free Space | 88.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B6D5A1D7-6E4B-7FE0-790E-864A77AFD773}" = ccc-utility64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"GIMP-2_is1" = GIMP 2.8.4
"Lexmark 5400 Series" = Lexmark 5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B6D5A1D7-6E4B-7FE0-790E-864A77AFD773}" = ccc-utility64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"GIMP-2_is1" = GIMP 2.8.4
"Lexmark 5400 Series" = Lexmark 5400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
< End of report >


cosinus 28.02.2013 11:47

Tell me, where does the MS Office 2010 installed on your machine actually come from?

christoph999 28.02.2013 11:49

Actually an original CD, but it could also have been activated later with a keylogger.

cosinus 28.02.2013 11:57

You probably mean with a crack - and that's what I think too

Quote:

[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

christoph999 28.02.2013 12:05

It's been on there forever. But my father had bought 3 original keys. I have one, my father has one, and someone else has one. Then I used the CD to install it on my girlfriend's computer, because I use that as a second computer, and surely I don't need another license for that when it's almost only me using it and I have a valid license.

cosinus 28.02.2013 12:13

But kmservice/srvany is associated with cracked Office....
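The check cosinus applies to the log by eye, as an added example that is not part of the thread or of OTL: a parser for OTL's file-entry lines that flags the names he points out and any binary under the system root whose company field is empty. The watch list, the function names and the reading of "()" as "no company name" are assumptions of this example.

```python
import re
from datetime import datetime

# OTL file/folder entry: [timestamp | size | attributes | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Names the helper singles out in this thread (watch list built for this example).
WATCHLIST = {"kmservice.exe", "srvany.exe"}

# Constructed sample: entry lines copied from the log excerpts on this page.
SAMPLE_LOG = r"""
[2012/01/04 11:38:14 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/01/04 11:38:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Krissi\AppData\Local\no23xwrapper.dll
[2013/02/13 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Krissi\AppData\Roaming\OpenCandy
[2013/02/21 03:58:29 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
"""

def parse_entries(text):
    """Yield a dict per OTL file/folder line; headers and blanks are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        yield e

def flag_entries(text, watchlist=WATCHLIST, system_root=r"C:\Windows"):
    """Return [(path, [reasons])] for entries that deserve a manual look."""
    root = system_root.lower() + "\\"
    findings = []
    for e in parse_entries(text):
        reasons = []
        if e["name"] in watchlist:
            reasons.append("name on watch list")
        # Assumption: "()" means the file carries no company name in its version info.
        if (not e["is_dir"] and e["company"] == ""
                and e["name"].endswith((".exe", ".dll", ".sys"))
                and e["path"].lower().startswith(root)):
            reasons.append("binary under system root without company name")
        if reasons:
            findings.append((e["path"], reasons))
    return findings
```

A hit is a prompt for manual review of the entry, not a verdict on the file.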

christoph999 28.02.2013 12:15

True, but my only intention was to get the thing running on my second computer. You don't need a new license for a second computer, do you? If you do, it gets removed along with everything else and I'll buy another one.

cosinus 28.02.2013 12:35

Quote:

You don't need a new license for a second computer, do you?
You need a license for EVERY installation!
I think you know that yourself, otherwise you wouldn't have messed around with some stupid cracks.

In any case, from now on there is only help with data backup and reinstalling Windows.

christoph999 28.02.2013 12:37

Well, okay, no use, then I'll have to set it up from scratch. I had a look at the instructions. How do I know whether my USB stick is bootable? And how am I supposed to back up the data when I can't even get the computer to start?

cosinus 28.02.2013 12:39

Quote:

How do I know whether my USB stick is bootable?
By trying it out? :wtf:
Why don't you just boot from a Linux live CD to back up the data?

christoph999 28.02.2013 12:46

I had created two participations. Is it advisable to wipe the one with the data too, or can I reinstall and keep the data participation?

Do you have instructions for creating a Linux live CD?

cosinus 28.02.2013 13:29

Quote:

I had created two participations. Is it advisable to wipe the one with the data too, or can I reinstall and keep the data participation?
Note: it's called a partition, not a participation :)

You should wipe everything completely. Back up all data first, then deleting and recreating the partitions on your internal disk is no problem either

Quote:

Do you have instructions for creating a Linux live CD?
Google broken? :lach:
Sorry, not meant badly, have a look here => Ubuntu-CD
It's an example for Ubuntu, but that's irrelevant; in principle, burning an ISO image is always the same, no matter whether it's called ubuntu.iso or christoph999.iso ;)

christoph999 28.02.2013 14:31

XD participations, this dangerous half-knowledge...

I have now booted via Ret... something X-PE, since it didn't recognize the Linux Puppy (or whatever) and Parted Magic. Data backed up so far. You've seen the log. Is it necessary to block online banking etc.?


All times are WET +1. The time now is 11:37.

Copyright ©2000-2025, Trojaner-Board