Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them), thread https://www.trojaner-board.de/139214-gvu-trojaner-windows-xp-rechner.html

serenity2013 02.08.2013 13:27

GVU trojan on a Windows XP machine

Hello, there is a GVU trojan on a machine. When the PC boots normally (Windows XP Pro), the screen is locked immediately. Starting in Safe Mode is not possible: bluescreen, and the machine reboots straight away.

I have already scanned the machine with several boot CDs, but unfortunately they could not fix the problem.

How can the trojan be removed with the OTL software? How does one create the OTL script?

Thanks in advance for the help.

markusg 02.08.2013 13:30

Hi,
well, for that you'll need to post the OTL logs for us, please.
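As an added example (not from this thread, and not OTL's own code or the forum's own procedure), here is the kind of triage script a helper runs over an OTL/OTLPE log before deciding what goes into a fix script. It parses the line formats OTL uses for file entries, O2/O4/O6/O7 entries and Firefox extension entries, and lists the entries worth a second look: policies that disable Task Manager or regedit, Run entries whose file is missing, BHOs without a CLSID, Firefox extensions whose code lives under %SystemRoot%, and files with no company name in a per-user data directory (German XP: Anwendungsdaten) that carry no extension or appear under the same name in several directories. The sample lines are copied from the log serenity2013 posts below, plus one benign Adobe entry for contrast; the rule set, the function name `triage` and the constant `SAMPLE_LOG` are this example's own choices, the regexes assume the line formats seen in that log, and a hit means "a human should look at this", not a verdict that the entry is the locker.

```python
"""Triage helper for OTL / OTLPE log lines (added example, not OTL's own code).

Reads OTL-format lines and lists the entries a helper would check first when a
screen locker is suspected. Every rule is a heuristic: a hit means "look at
this", not "delete this". The line formats are taken from the log in this
thread; other OTL versions may need the regexes adjusted (assumption).
"""
import re
from collections import defaultdict
from ntpath import basename, dirname  # ntpath parses Windows paths on any OS

# Policies a locker typically sets so the user cannot kill it or undo it.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegedit", "DisableRegistryTools"}
# Per-user data directories; German XP names them "Anwendungsdaten".
PROFILE_DATA_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\")

# [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| \S{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>[A-Za-z]:\\.+)$")
# O4 - <hive>..\Run: [name] target   (target is "path (company)" or "File not found")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<target>.*)$")
# O6/O7 - <policy key>: <value name> = <data>
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
# O2 - BHO: (name) - {CLSID} - path-or-note
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
# FF - HKEY_LOCAL_MACHINE\software\mozilla\<branch>\extensions\\<id>: <path> [stat]
FF_EXT_RE = re.compile(
    r"^FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\.+?\\extensions\\\\(?P<id>[^:]+): "
    r"(?P<path>[A-Za-z]:\\.+?)(?: \[.*)?$")


def triage(lines):
    """Return a list of (tag, detail) tuples for lines worth a second look."""
    findings = []
    dirs_by_name = defaultdict(set)  # basename -> directories, no-company files only
    for raw in lines:
        line = raw.rstrip()
        m = POLICY_RE.match(line)
        if m:
            if m["value"] in LOCKDOWN_POLICIES and m["data"] == "1":
                findings.append(("lockdown-policy", f"{m['value']}=1 under {m['key']}"))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["target"] == "File not found":
                findings.append(("orphan-run", f"[{m['name'] or '<empty>'}] in {m['hive']} points to a missing file"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "no name" or m["rest"].startswith("No CLSID"):
                findings.append(("bho-no-clsid", f"{m['clsid']}: {m['rest']}"))
            continue
        m = FF_EXT_RE.match(line)
        if m:
            if "\\windows\\" in m["path"].lower():  # extension code living under %SystemRoot%
                findings.append(("ff-ext-outside-profile", f"{m['id']} -> {m['path']}"))
            continue
        m = FILE_RE.match(line)
        if m and not m["company"].strip():  # OTL shows "()" when the file has no company resource
            path = m["path"]
            low = path.lower()
            name = basename(path)
            dirs_by_name[name].add(dirname(low))
            if "." not in name and any(d in low for d in PROFILE_DATA_DIRS):
                findings.append(("no-company-appdata-file", path))
    for name, dirs in dirs_by_name.items():
        if len(dirs) > 1:  # same no-company file dropped into several profile locations
            findings.append(("same-name-multiple-dirs", f"{name} in {len(dirs)} directories"))
    return findings


# Constructed excerpt: lines copied from the OTL log in this thread plus one benign Adobe entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKU\user0008_ON_C..\Run: [Tabtree]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5022 [2011/08/23 12:00:48 | 000,000,000 | ---D | M]
[2013/07/30 12:14:35 | 000,163,063 | ---- | M] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,036 | ---- | M] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,028 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/06/12 02:28:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
""".strip().splitlines()

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:26} {detail}")
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="cp1252").readlines())`. The output is a worklist, not a fix script: each flagged file still wants a hash lookup and each flagged registry value a decision by the person guiding the cleanup, and the OTL fix script itself is written by that person from the log lines they have judged, which is exactly why the forum asks for the log first.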

serenity2013 02.08.2013 13:52

Hey, many thanks for the quick reply.

OTL LOG
Code:

OTL logfile created on: 8/2/2013 6:46:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148.93 Gb Total Space | 133.30 Gb Free Space | 89.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/12 02:28:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/27 04:33:38 | 000,140,544 | ---- | M] (Panda Security) [Auto] -- C:\Programme\Panda Security\WaAgent\Scheduler\PavSched.exe -- (PavAt3Scheduler)
SRV - [2011/06/10 06:22:06 | 000,314,696 | ---- | M] (Panda Security) [Auto] -- C:\Programme\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe -- (PavWASLpMng)
SRV - [2011/05/31 06:11:50 | 000,206,664 | ---- | M] (Panda Security) [Auto] -- C:\Programme\Panda Security\WaAgent\WasWD\WasWD.exe -- (WASWD)
SRV - [2011/05/31 06:09:52 | 000,322,376 | ---- | M] (Panda Security) [Auto] -- C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (WASAgent)
SRV - [2011/05/17 10:05:34 | 000,342,344 | ---- | M] (Panda Security) [Auto] -- C:\Programme\Panda Security\WAC\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2010/08/16 08:32:48 | 000,027,968 | ---- | M] (Panda Software International) [Auto] -- C:\Programme\Panda Security\WAC\psksvc.exe -- (PskSvc)
SRV - [2010/07/14 13:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto] -- C:\Programme\Panda Security\WAC\pavsrvx86.exe -- (PavSrv)
SRV - [2010/06/25 06:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto] -- C:\Programme\Panda Security\WAC\PSIMSVC.EXE -- (PSImSvc)
SRV - [2009/05/27 08:38:28 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/12/01 06:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/08/28 08:05:34 | 000,966,656 | ---- | M] (Wave Systems Corp.) [Auto] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/08/27 07:46:44 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/08/05 09:17:26 | 001,249,280 | ---- | M] () [Auto] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/07/17 09:04:16 | 002,054,680 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/07/17 09:04:12 | 000,174,616 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\AMT\lms.exe -- (LMS) Intel(R)
SRV - [2007/07/11 05:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/04/19 01:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/05/05 08:07:12 | 000,062,152 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2009/10/21 04:43:38 | 000,199,688 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\neti1640.sys -- (NETIMFLT01060040)
DRV - [2008/08/31 22:42:18 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/08/31 22:31:08 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2008/08/31 22:24:24 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/08/28 12:43:14 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/04 10:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/23 12:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/07/23 11:05:18 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 11:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 11:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 11:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 11:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 11:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 11:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 11:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 10:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 10:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/16 17:29:43 | 000,020,504 | R--- | M] (Hewlett Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 17:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/04/19 01:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=2081202
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.net/?kid=A1000031 [binary data]
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tab2
IE - HKU\user0008_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\user0008_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user0008_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5022 [2011/08/23 12:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/06/07 04:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/02/23 07:58:49 | 000,000,000 | ---D | M]
 
[2012/07/25 07:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/07/25 07:34:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/08/30 19:15:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/08/30 16:35:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/30 16:29:49 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/08/30 16:35:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/30 16:35:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/30 16:35:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/30 16:35:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Programme\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Panda Software Controller Client] C:\Programme\Panda Security\WAC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SignCubes] C:\Programme\OPENLiMiT\siqSEMr.exe (OPENLiMiT SignCubes GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\Administrator_ON_C..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\Administrator_ON_C..\Run: [swg]  File not found
O4 - HKU\user0008_ON_C..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\user0008_ON_C..\Run: [Tabtree]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\user0008_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Panda Security\WAC\pavlsp.dll (Panda Software International)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game10.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\user0008_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013/08/02 13:59:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/02 05:14:03 | 000,000,000 | ---D | C] -- C:\bd_logs
[2013/08/01 09:34:18 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/06/12 02:28:13 | 008,610,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/06/04 03:22:49 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2013/01/07 02:42:45 | 017,644,864 | ---- | C] (RIB Software AG                                            ) -- C:\Dokumente und Einstellungen\user0008\avasign_update.exe
[2010/03/08 11:31:48 | 027,265,856 | ---- | C] (RIB Software AG                                            ) -- C:\Dokumente und Einstellungen\user0008\avasign400.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2013/08/02 10:38:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/02 10:38:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/02 08:15:01 | 000,464,262 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/08/02 08:15:01 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/02 08:15:01 | 000,086,644 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/08/02 08:15:01 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/02 03:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/30 12:14:35 | 000,163,063 | ---- | M] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,036 | ---- | M] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,028 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/07/30 10:21:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat
[2013/07/12 01:13:36 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 02:57:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/25 10:19:43 | 000,002,249 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2013/06/20 03:39:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/12 02:28:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 02:28:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/12 02:28:13 | 008,610,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/06/07 17:55:44 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/06/07 17:48:33 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/06/07 17:48:33 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/06/07 17:48:33 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/06/07 17:48:32 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/06/07 17:48:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/06/07 17:48:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/06/07 17:48:32 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/06/07 17:48:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/06/07 17:48:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/06/07 17:48:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/06/07 17:48:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/06/07 17:48:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/06/07 17:48:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/06/07 17:48:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/06/07 17:48:31 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/06/07 17:48:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/06/07 17:48:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/06/07 17:48:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/06/07 17:48:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/06/07 17:48:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/06/07 17:48:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/06/07 17:48:30 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/06/07 17:48:30 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/06/07 17:48:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/06/07 17:48:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/06/07 17:48:27 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/06/07 17:48:27 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/06/07 17:48:27 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/06/07 14:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/06/07 14:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/06/05 05:08:28 | 001,876,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013/06/05 05:08:28 | 001,876,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2013/06/04 03:22:49 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/30 12:14:35 | 000,163,063 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,036 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,028 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2012/02/16 01:51:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/27 11:28:20 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\qh1xl48jetgsjipp.dat
[2011/10/16 21:02:04 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/07 04:02:29 | 000,000,133 | ---- | C] () -- C:\WINDOWS\AdminIE.ini
[2009/12/04 08:48:10 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/12/04 08:43:26 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\siqP11.dll.sig
[2008/12/17 06:02:01 | 000,018,691 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\C. Röschmann's Malerw. GmbH_UmstRoes_elster.pfx
[2008/12/17 05:59:32 | 000,018,691 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Andreas user0008_UmstHayd_elster.pfx
[2008/12/08 11:38:23 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2008/12/08 11:36:20 | 000,163,983 | ---- | C] () -- C:\WINDOWS\hppins08.dat.temp
[2008/12/08 11:36:20 | 000,001,116 | ---- | C] () -- C:\WINDOWS\hppmdl08.dat.temp
[2008/12/08 11:34:40 | 000,000,685 | R--- | C] () -- C:\WINDOWS\System32\hppapr08.dat
[2008/12/08 11:33:17 | 000,169,968 | ---- | C] () -- C:\WINDOWS\hppins08.dat
[2008/12/08 11:33:17 | 000,169,927 | ---- | C] () -- C:\WINDOWS\System32\hppins08.dat
[2008/12/08 11:33:17 | 000,001,116 | ---- | C] () -- C:\WINDOWS\hppmdl08.dat
[2008/12/08 08:16:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/08 08:07:19 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/08 07:30:51 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/08 07:26:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/08 07:26:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat
[2008/12/02 14:01:16 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/12/02 14:01:16 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/12/02 14:01:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2008/12/02 14:01:08 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/12/02 14:01:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/12/02 14:00:33 | 000,001,502 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/12/02 06:33:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/02 06:33:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat
[2008/12/02 06:28:53 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/02 06:21:32 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/08/26 06:30:40 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/08/26 06:30:40 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/08/26 06:30:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/08/26 06:30:38 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/08/26 06:30:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/08/26 06:30:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/08/26 06:30:36 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/08/26 06:30:34 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/08/26 06:30:34 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/08/26 06:30:32 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/08/26 06:30:32 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/08/26 06:30:32 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/08/26 06:30:30 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/08/26 06:30:30 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/08/26 06:30:30 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/08/26 06:30:26 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2008/08/26 06:30:26 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2008/08/26 06:30:24 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2008/08/26 06:30:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2008/08/26 06:30:22 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2008/08/26 06:30:22 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2008/08/26 06:30:20 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2008/08/26 06:30:18 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2008/08/26 06:30:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2008/08/26 06:30:02 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/08/22 13:48:42 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/08/22 13:06:28 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/08/22 12:28:12 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/21 12:18:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/08/21 12:18:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2008/08/21 12:18:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2008/08/21 12:17:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2008/08/21 12:17:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2008/08/21 12:17:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2008/08/21 12:17:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2008/08/21 12:17:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2008/08/21 12:17:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2008/08/21 12:17:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/08/21 12:17:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2008/08/21 12:17:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/08/21 12:17:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/08/21 12:16:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/08/21 12:16:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/08/21 12:16:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/08/21 12:16:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/08/21 12:16:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/08/21 12:16:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/08/21 12:16:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/08/21 12:16:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/08/21 12:16:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/08/21 12:16:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/08/21 12:16:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/04/25 11:06:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/04/25 11:02:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 10:57:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 10:57:02 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 05:46:09 | 000,464,262 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/25 05:46:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/25 05:46:09 | 000,086,644 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/25 05:46:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/25 05:45:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 05:45:56 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 05:45:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 05:45:56 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 05:45:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 05:45:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 05:45:55 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 05:45:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 05:45:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 05:45:50 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 05:45:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 05:45:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/24 21:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/24 21:51:36 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 05:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/04/19 01:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 01:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/06/30 08:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 08:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 04:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 09:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 09:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 23:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2009/06/08 03:40:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\TeamViewer
[2008/12/02 06:24:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Wave Systems Corp
[2008/12/02 06:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Wave Systems Corp
[2011/09/06 02:58:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Crtreg
[2011/08/07 05:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Foxit Software
[2012/05/08 00:45:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Hewog
[2012/10/24 06:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Roonow
[2012/08/27 08:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\TeamViewer
[2012/07/01 12:52:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Ttpp
[2012/10/17 04:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Umav
[2008/12/02 06:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Wave Systems Corp
[2012/05/07 11:29:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\Xeat
[2009/06/08 03:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
[2010/01/04 09:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2008/12/02 06:24:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTRU Cryptosystems
[2010/10/17 07:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2008/12/02 06:27:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wave Systems Corp
[2008/12/08 11:38:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zvprt50
[2009/02/21 07:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
 
========== Purity Check ==========
 
 
< End of report >

Extras Log

Code:

OTL Extras logfile created on: 8/2/2013 6:46:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148.93 Gb Total Space | 133.30 Gb Free Space | 89.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet003
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\hp laserjet m1522\Fax Config utility1.exe" = C:\Programme\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer -- ()
"C:\Programme\HP\hp laserjet m1522\hppfaxnc1.exe" = C:\Programme\HP\hp laserjet m1522\hppfaxnc1.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett-Packard Co.)
"C:\Dokumente und Einstellungen\user0008\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\user0008\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1F15B51B-0622-486A-A751-6D4EDD56842A}" = hppusgM1522
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30B48963-F106-45C1-A34D-BCDEEC3BE0EC}" = hppSendFax
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38847ACF-C102-455C-9E58-57626D495DB1}" = hppFaxUtility
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{41B52574-B88C-4874-A63F-4BBFEC15ADC3}" = hpzTLBXFX
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48A0C03C-771D-4F38-B1E8-854005D6ED95}" = Dell Control Point
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{515B6FE8-7428-48D5-A39B-3E64A0BCCABE}" = hppscanM1522
"{515EE4A3-6C80-4D56-824B-DF234DC50F74}" = SignCubes comdlg32.msm Update
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63A18790-64E9-41E0-AAA6-3FA21328047A}" = SignCubes mscomct2.msm Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3B66AC-97DC-4A9F-8F68-4D49C522CB22}" = hppScanTo
"{6DD734FE-F0D6-4B15-BD77-A4EADBA04DEA}" = hppLJM1522
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E43A83-DD74-499F-AF9E-47F9E15EBFE1}" = SignCubes comct232.msm Update
"{8361A088-1A86-425B-968E-034555992392}" = NTRU TCG Software Stack
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B172811-899F-4508-82D4-D9304F1D0810}_is1" = BIT-View
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{98286BC7-AD4C-424A-9BB9-F87A26D88CAF}" = SignCubes comct323.msm Update
"{9914C700-5390-4B4A-844B-7786F05D9A7D}" = Wave Infrastructure Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A117C809-A34F-4D18-BFD1-917B20FC9F31}" = Panda Endpoint Protection
"{A27E7EAE-6E50-40B6-A03B-3F4792E240EC}" = SignCubes comctl32.msm Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BF41B595-62E3-407A-BE1F-267A2AF6CB4C}" = hppTLBXFXM1522
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE48AA2A-508F-45FD-BEEF-CD14447228AB}" = Panda Endpoint Agent
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{E352D262-66C1-4669-9522-8B57AA5AE201}" = hppManualsM1522
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EDC1C4E7-C425-4E45-B8E0-D9ABB4F0D907}" = hppFaxDrvM1522
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System  (05/24/2007 1.00.04.15)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ava-sign 4.1.9.1688_is1" = ava-sign 4.1.9.1688
"ava-sign 4.2.10.1919_is1" = ava-sign 4.2.10.1919                                        -
"ava-sign 4.2.4.1810_is1" = ava-sign 4.2.4.1810
"ava-sign 4.2.7.1832_is1" = ava-sign 4.2.7.1832
"ava-sign 4.4.2.2023_is1" = ava-sign 4.4.2.2023                                        -
"Bieter Programme_is1" = Bieter Programme
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Offerte_L" = Offerte_L
"PCOP Agent" = Panda Endpoint Agent
"PCOP Endpoint" = Panda Endpoint Protection
"SearchAssist" = SearchAssist
"SignCubes" = OPENLiMiT(R) SignCubes 2.1.6.3 ReaderDeuSR1a
"TeamViewer 4 Host" = TeamViewer 4 Host
"ventasoft Demo-Filme_is1" = Lernvideos für Bieter
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
< End of report >


markusg 02.08.2013 14:48

Unfortunately we have to approach this a bit differently:
Creating a UBCD4Win CD and scanning with FRST (Windows XP)

The following steps are quite complex, so you had better print out these instructions. You will also need:
  • A working computer with a DVD/CD burner
  • A blank CD.
  • A USB stick.
If you get an error message during any of the following steps, please let me know and tell me exactly at which point it happened.

A) Please download the Ultimate Boot CD for Windows
  • Save it to your desktop and double-click UBCD4Win.EXE.
  • Follow the on-screen instructions.
  • Important:
    • Do not install it into a folder whose name contains spaces!
    • Your virus scanner may raise an alert while the files are being unpacked. These are false positives.
B) Insert your Windows XP CD with SP1/SP2/SP3 (service packs) into your CD drive
  • Double-click UBCD4WinBuilder.exe in the folder c:\ubcd4win, if the setup did not take you there directly.
  • On Windows Vista / 7 / 8 you must start the builder via right-click > Run as administrator.

  • Click "I agree"; answer the next question with "No".
  • In the following menu, make these settings:
    • Source: click "..." and select the drive.
    • Additional: leave this empty.
    • Output folder: this says "BartPE", leave it as is.
    • Boot medium: "Create ISO image" should be selected; leave it that way.
    Note: If (and only if) your XP CD contains Service Pack 1, do the following:
    • Click Plugins.
    • Disable !Critical: DComLaunch Service
    • Enable !Critical: LargeIDE Fix
    • Click Close
    Note: If you have a Dell installation CD, please follow this link for further instructions.
C) Now click the Start button
  • Click Yes to create the directory.
  • Click "I agree", wait a few minutes while the image is being created, then click Close > Exit.
D) Burn the ISO image to the blank CD: instructions

E) Download Farbar's Recovery Scan Tool on the clean computer and save it to the USB stick.

F) Plug the USB stick into the infected computer, insert the UBCD4Win CD and start the machine.
  • Make sure the computer boots from the CD. (instructions)
  • A window appears in which you select the Ultimate Boot CD for Windows and press Enter. This can take a while; just be patient.
  • When the desktop appears, a message will pop up: Do you want to start Network support? Answer Yes if you want to go online right away to post your log file.
  • A blue desktop with green text and a few icons on the left-hand side appears.
G) Click the computer icon at the top left and locate Farbar's Recovery Scan Tool (FRST.exe) on your USB stick.
  • Start FRST with a double-click.

  • Confirm the prompt.
  • Click Scan
  • A log file named FRST.txt is created. Post it here in your thread, preferably in CODE tags (the # symbol in the editor).

serenity2013 05.08.2013 09:17

Thank you very much for the reply.

Here is the content of the file


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-08-2013 01
Ran by SYSTEM on 05-08-2013 15:13:13
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Programme\Analog Devices\Core\smax4pnp.exe [1044480 2008-08-31] (Analog Devices, Inc.)
HKLM\...\Run: [picon] - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe [773144 2008-07-17] (Intel Corporation)
HKLM\...\Run: [ChangeTPMAuth] - C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe [184320 2008-08-21] (Wave Systems Corp.)
HKLM\...\Run: [WavXMgr] - C:\Programme\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [145408 2008-08-22] (Wave Systems Corp.)
HKLM\...\Run: [SecureUpgrade] - C:\Programme\Wave Systems Corp\SecureUpgrade.exe [656696 2008-08-28] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] - C:\Programme\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [91448 2008-08-28] (Wave Systems Corp.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [ToolBoxFX] - C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2008-01-10] (HP)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [HP Software Update] - C:\Programme\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SignCubes] - C:\PROGRA~1\OPENLI~1\siqSEMr.exe [200770 2007-12-03] (OPENLiMiT SignCubes GmbH)
HKLM\...\Run: [Panda Software Controller Client] - C:\Programme\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth

========================== Services (Whitelisted) =================

S2 ASFAgent; C:\Programme\Intel\ASF Agent\ASFAgent.exe [133968 2007-04-19] (Intel Corporation)
S3 getPlus(R) Helper; C:\Programme\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
S3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-01-29] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.)
S2 LMS; C:\Programme\Intel\AMT\LMS.exe [174616 2008-07-17] (Intel Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 Panda Software Controller; C:\Programme\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
S2 PavAt3Scheduler; C:\Programme\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S2 PavSrv; C:\Programme\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
S2 PavWASLpMng; C:\Programme\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S2 PSImSvc; C:\Programme\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
S2 PskSvc; C:\Programme\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
S3 SecureStorageService; C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [638976 2008-08-27] (Wave Systems Corp.)
S3 stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.)
S2 tcsd_win32.exe; C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1249280 2008-08-05] ()
S2 TdmService; C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [966656 2008-08-28] (Wave Systems Corp.)
S2 TeamViewer4; C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe [185640 2009-05-27] (TeamViewer GmbH)
S2 UNS; C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe [2054680 2008-07-17] (Intel Corporation)
S2 WASAgent; C:\Programme\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
S2 WASWD; C:\Programme\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)
S2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AmFSM; C:\Windows\System32\DRIVERS\amm8651.sys [62152 2011-05-05] (Panda Security, S.L.)
S3 AsfAlrt; C:\WINDOWS\system32\Drivers\AsfAlrt.sys [42832 2007-04-19] (Intel Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [144480 2008-08-31] (Intel Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-05-23] (Intel Corporation )
S3 NETIMFLT01060040; C:\Windows\System32\DRIVERS\neti1640.sys [199688 2009-10-21] (Panda Security, S.L.)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-08-31] (Sonic Focus, Inc)
S2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [208824 2008-08-28] (Wave Systems Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 15:26 - 2013-08-02 18:47 - 00029746 _____ C:\Extras.Txt
2013-08-02 13:59 - 2013-08-02 13:59 - 00000000 ____D C:\_OTL
2013-08-02 13:04 - 2013-08-02 13:04 - 00000057 _____ C:\Windows\System32\config\.directory
2013-08-02 12:40 - 2013-08-02 18:47 - 00081068 _____ C:\OTL.Txt
2013-08-01 09:34 - 2013-08-01 09:34 - 00000000 __SHD C:\found.000
2013-07-10 02:57 - 2013-07-10 02:57 - 00008864 _____ C:\Windows\KB2834886.log
2013-07-10 02:57 - 2013-07-10 02:57 - 00008602 _____ C:\Windows\KB2803821.log
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2803821_WM9$
2013-07-10 02:54 - 2013-07-10 02:54 - 00011183 _____ C:\Windows\KB2846071-IE8.log
2013-07-10 01:55 - 2013-07-10 02:57 - 00013980 _____ C:\Windows\KB2850851.log
2013-07-10 01:55 - 2013-07-10 02:57 - 00012721 _____ C:\Windows\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-08-02 18:47 - 2013-08-02 15:26 - 00029746 _____ C:\Extras.Txt
2013-08-02 18:47 - 2013-08-02 12:40 - 00081068 _____ C:\OTL.Txt
2013-08-02 13:59 - 2013-08-02 13:59 - 00000000 ____D C:\_OTL
2013-08-02 13:56 - 2008-04-25 05:46 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-08-02 13:56 - 2008-04-24 21:55 - 00000159 _____ C:\Windows\wiadebug.log
2013-08-02 13:56 - 2008-04-24 21:55 - 00000050 _____ C:\Windows\wiaservc.log
2013-08-02 13:10 - 2011-10-28 09:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-02 13:04 - 2013-08-02 13:04 - 00000057 _____ C:\Windows\System32\config\.directory
2013-08-02 08:15 - 2008-04-24 21:52 - 00005076 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-02 08:14 - 2008-04-25 11:03 - 00032572 _____ C:\Windows\SchedLgU.Txt
2013-08-02 08:14 - 2008-04-25 10:59 - 01519399 _____ C:\Windows\WindowsUpdate.log
2013-08-02 05:03 - 2010-06-11 09:56 - 00000580 _____ C:\Windows\setupact.log
2013-08-02 05:03 - 2010-06-07 03:33 - 00090219 _____ C:\Windows\setupapi.log
2013-08-01 09:34 - 2013-08-01 09:34 - 00000000 __SHD C:\found.000
2013-07-27 09:58 - 2010-10-17 04:52 - 00004486 _____ C:\Windows\wmsetup.log
2013-07-12 01:19 - 2008-04-25 11:05 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:13 - 2008-04-24 21:51 - 00220840 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 02:57 - 2013-07-10 02:57 - 00008864 _____ C:\Windows\KB2834886.log
2013-07-10 02:57 - 2013-07-10 02:57 - 00008602 _____ C:\Windows\KB2803821.log
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-10 02:57 - 2013-07-10 02:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2803821_WM9$
2013-07-10 02:57 - 2013-07-10 01:55 - 00013980 _____ C:\Windows\KB2850851.log
2013-07-10 02:57 - 2013-07-10 01:55 - 00012721 _____ C:\Windows\KB2845187.log
2013-07-10 02:57 - 2010-06-11 09:56 - 01189309 _____ C:\Windows\iis6.log
2013-07-10 02:57 - 2010-06-11 09:56 - 01096304 _____ C:\Windows\FaxSetup.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00526168 _____ C:\Windows\ocgen.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00502138 _____ C:\Windows\tsoc.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00365792 _____ C:\Windows\comsetup.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00335910 _____ C:\Windows\msmqinst.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00221390 _____ C:\Windows\ntdtcsetup.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00192774 _____ C:\Windows\netfxocm.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00075650 _____ C:\Windows\MedCtrOC.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00060876 _____ C:\Windows\ocmsn.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00055358 _____ C:\Windows\tabletoc.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00055002 _____ C:\Windows\msgsocm.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00001374 _____ C:\Windows\imsins.log
2013-07-10 02:57 - 2010-06-11 09:56 - 00001374 _____ C:\Windows\imsins.BAK
2013-07-10 02:54 - 2013-07-10 02:54 - 00011183 _____ C:\Windows\KB2846071-IE8.log
2013-07-10 02:54 - 2010-06-11 09:57 - 00078784 _____ C:\Windows\updspapi.log
2013-07-10 02:54 - 2010-01-04 09:32 - 00000000 ____D C:\Windows\ie8updates
2013-07-10 02:54 - 2009-01-08 08:05 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 02:52 - 2008-04-25 11:11 - 00000000 ____D C:\Windows\System32\XPSViewer

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-25 05:45] - [2008-04-14 08:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\Windows\System32\winlogon.exe
[2008-04-25 05:46] - [2008-04-14 08:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\Windows\System32\svchost.exe
[2008-04-25 05:46] - [2008-04-14 08:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\Windows\System32\services.exe
[2008-04-25 05:45] - [2009-02-09 07:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\Windows\System32\User32.dll
[2008-04-25 05:46] - [2008-04-14 08:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2008-04-25 05:46] - [2008-04-14 08:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-25 05:46] - [2008-04-14 08:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-08-02 03:26 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP248

RP: -> 2013-08-01 03:00 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP247

RP: -> 2013-07-30 04:53 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP246

RP: -> 2013-07-29 02:17 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP245

RP: -> 2013-07-22 06:34 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP244

RP: -> 2013-07-18 01:14 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP243

RP: -> 2013-07-16 01:12 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP242

RP: -> 2013-07-10 02:52 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP241

RP: -> 2013-07-10 02:00 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP240

RP: -> 2013-07-08 16:44 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP239

RP: -> 2013-07-07 15:40 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP238

RP: -> 2013-07-06 14:48 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP237

RP: -> 2013-07-05 10:16 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP236

RP: -> 2013-07-04 09:48 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP235

RP: -> 2013-07-03 02:55 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP234

RP: -> 2013-07-02 01:55 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP233

RP: -> 2013-07-01 01:51 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP232

RP: -> 2013-06-28 01:08 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP231

RP: -> 2013-06-26 02:18 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP230

RP: -> 2013-06-25 01:04 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP229

RP: -> 2013-06-24 00:52 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP228

RP: -> 2013-06-21 08:08 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP227

RP: -> 2013-06-20 03:33 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP226

RP: -> 2013-06-19 03:07 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP225

RP: -> 2013-06-17 15:05 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP224

RP: -> 2013-06-16 14:05 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP223

RP: -> 2013-06-15 13:05 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP222

RP: -> 2013-06-14 12:53 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP221

RP: -> 2013-06-13 10:44 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP220

RP: -> 2013-06-13 01:06 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP219

RP: -> 2013-06-12 01:01 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP218

RP: -> 2013-06-11 01:00 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP217

RP: -> 2013-06-09 14:13 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP216

RP: -> 2013-06-07 04:19 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP215

RP: -> 2013-06-06 01:02 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP214

RP: -> 2013-06-04 09:04 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP213

RP: -> 2013-06-03 08:21 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP212

RP: -> 2013-05-30 10:55 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP211

RP: -> 2013-05-29 09:49 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP210

RP: -> 2013-05-28 09:10 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP209

RP: -> 2013-05-27 08:28 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP208

RP: -> 2013-05-24 01:21 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP207

RP: -> 2013-05-22 02:30 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP206

RP: -> 2013-05-20 14:04 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP205

RP: -> 2013-05-17 13:57 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP204

RP: -> 2013-05-16 08:23 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP203

RP: -> 2013-05-15 08:00 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP202

RP: -> 2013-05-14 01:00 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP201

RP: -> 2013-05-12 14:14 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP200

RP: -> 2013-05-11 03:09 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP199

RP: -> 2013-05-10 02:04 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP198

RP: -> 2013-05-07 01:42 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP197

RP: -> 2013-05-06 00:54 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP196

RP: -> 2013-05-04 06:13 - 024576 _restore{DBEF6E60-C5C5-47E2-8E78-49320D8CFCDD}\RP195


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 3291.54 MB
Available physical RAM: 3031.38 MB
Total Pagefile: 3114.9 MB
Available Pagefile: 3051.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.33 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:148.93 GB) (Free:133.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (VMs) (Fixed) (Total:465.76 GB) (Free:276.39 GB) NTFS
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 3D09BDDC)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 98DEB064)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

markusg 05.08.2013 14:06

Hi,
can you start normally again? I don't see any startup entries for the malware.

serenity2013 05.08.2013 14:57

Hi markusg,

I've already done that. The computer starts and then the screen is locked immediately (GVU trojan).

What else could be done?

markusg 05.08.2013 16:09

If you press F8 and start "Last Known Good Configuration", does it work then?
If that doesn't work, can you perhaps start the PC when you disconnect it from the Internet, i.e. Wi-Fi off or LAN cable unplugged?

serenity2013 05.08.2013 16:36

Hey, thanks for the reply.

I've already tested that. With "Last Known Good Configuration" nothing happens. After startup the GVU trojan launches immediately.

Safe Mode ends with a bluescreen. The computer restarts immediately.

The network connection is disconnected.

markusg 05.08.2013 18:42

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and paste this
in there:
Code:

:OTL
[2013/07/30 12:14:35 | 000,163,063 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,036 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/30 12:14:35 | 000,163,028 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2011/10/27 11:28:20 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\qh1xl48jetgsjipp.dat
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should appear, so load the fix.txt from your stick.
If that doesn't work, please enter the fix manually.
Then click the Fix button again. The PC may restart; if so, take the CD out of the drive. Windows should now start normally and open the OTL.txt;
please post the log.
Start in normal mode.
If you have no desktop: Ctrl+Alt+Del,
open Task Manager, Processes, New Task,
explorer.exe
Enter
Let me know whether that was necessary.
If you have no icons: right-click, View, Show Desktop Icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!

Press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)
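
Added example (editor's code, not part of the thread and not part of OTL): a small Python triage script that parses OTL file-listing lines of the kind used in the fix above, flags the dropper pattern those four lines show (a random-looking basename written within the same second into several AppData locations), and prints a ready-to-paste `:OTL` fix block built from the flagged log lines verbatim, which is the form OTL expects under `:OTL`. The sample log is constructed: the four suspicious entries are the ones listed in the fix; the two benign control lines (Extras.Txt, MRT.exe) are written in OTL's format from files that appear elsewhere in this thread's log. The name heuristic and the same-second fan-out rule are my assumptions, not rules OTL applies, so review every flagged line before putting it into a fix.

```python
"""Triage OTL file-listing lines and build an :OTL fix block.

Added example for this thread, not code from OTL or the forum. The two
heuristics below are my own assumptions about what a dropper looks like,
not rules OTL applies.
"""
import re
from collections import defaultdict

# One OTL file entry:
# [YYYY/MM/DD HH:MM:SS | size (thousands separators) | attrs | C=created/M=modified] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: 8+ lowercase hex digits, or 12+ lowercase alphanumerics, with no
# extension or a bare .dat, counts as "random-looking" (2433f433, qh1xl48jetgsjipp.dat).
RANDOM_NAME = re.compile(r"^(?:[0-9a-f]{8,}|[0-9a-z]{12,})(?:\.dat)?$")

# German XP, English XP and Vista+ spellings of the AppData trees (lower-cased).
APPDATA_MARKERS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\")

# Constructed sample: the four lines from the fix in the thread plus two benign
# controls written in OTL's format from files seen elsewhere in the same log.
SAMPLE_LOG = "\n".join([
    r"[2013/07/30 12:14:35 | 000,163,063 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433",
    r"[2013/07/30 12:14:35 | 000,163,036 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433",
    r"[2013/07/30 12:14:35 | 000,163,028 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433",
    r"[2011/10/27 11:28:20 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\qh1xl48jetgsjipp.dat",
    r"[2013/08/02 15:26:00 | 000,029,746 | ---- | C] () -- C:\Extras.Txt",
    r"[2013/07/10 02:54:00 | 075,699,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe",
])


def parse_entries(log_text):
    """Return one dict per OTL file line; any other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OTL_ENTRY.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["line"] = line
        e["dir"], _, e["name"] = e["path"].rpartition("\\")
        entries.append(e)
    return entries


def triage(log_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = parse_entries(log_text)
    reasons = defaultdict(list)
    # Rule 1: random-looking basename inside a per-user or All Users AppData tree.
    for e in entries:
        p = e["path"].lower()
        if RANDOM_NAME.match(e["name"]) and any(mk in p for mk in APPDATA_MARKERS):
            reasons[e["path"]].append("random-looking name in AppData")
    # Rule 2: the same basename created in the same second in two or more
    # directories, the fan-out a dropper produces when it seeds every profile.
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] == "C":
            groups[(e["name"].lower(), e["ts"])].append(e)
    for (name, ts), group in groups.items():
        dirs = {e["dir"].lower() for e in group}
        if len(dirs) >= 2:
            for e in group:
                reasons[e["path"]].append(f"'{name}' created in {len(dirs)} directories at {ts}")
    return dict(reasons)


def build_fix(log_text, empty_temp=True):
    """Assemble a fix: flagged log lines go verbatim under :OTL, in log order."""
    flagged = triage(log_text)
    lines = [":OTL"]
    lines += [e["line"] for e in parse_entries(log_text) if e["path"] in flagged]
    lines += [":Files", ":Commands"]
    if empty_temp:
        lines += ["[EMPTYFLASH]", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "\n    ".join(why))
    print()
    print(build_fix(SAMPLE_LOG), end="")
```

Run it as a plain script; it prints the reasons per flagged path and then the fix block. A path listed in the scan may already be gone by the time the fix runs, which OTL reports as "not found" without aborting, as the follow-up log in this thread shows; the fix still moves whichever copies remain.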

serenity2013 06.08.2013 10:05

Hey, now it worked. The computer starts again and the desktop is accessible.

The desktop loaded after the restart.

Code:

========== OTL ==========
File C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\2433f433 not found.
File C:\Dokumente und Einstellungen\user0008\Lokale Einstellungen\Anwendungsdaten\2433f433 not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433 moved successfully.
File C:\Dokumente und Einstellungen\user0008\Anwendungsdaten\qh1xl48jetgsjipp.dat not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 205994 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: user0008
->Temp folder emptied: 160872163 bytes
->Temporary Internet Files folder emptied: 529664431 bytes
->Java cache emptied: 2071133 bytes
->FireFox cache emptied: 95936228 bytes
->Flash cache emptied: 5762 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33186 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48853374 bytes
 
Total Flash Files Cleaned = 799.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: user0008
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3063 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 188243040 bytes
 
Total Files Cleaned = 180.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08062013_164257

Thanks again for the help. It worked very well.

markusg 06.08.2013 13:34

Hi, thanks for uploading.
Two logs need to be created; post them at the same time if possible.
1.
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

2.
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.



Copyright ©2000-2024, Trojaner-Board
