Trojaner-Board > Malware Removal > Log Analysis and Evaluation

Log Analysis and Evaluation: BKA Trojan OTLPE Log Evaluation


15.06.2011, 17:07   #1
christinar

BKA Trojan OTLPE Log Evaluation



Hello dear problem solvers,

it may already be boring you, but I too am struggling with the BKA Trojan. With Kaspersky Rescue Disk 10 I managed to get access to the laptop again, and I was also able to run a scan with OTLPE.

Here is the log:

Quote:
OTL logfile created on: 6/15/2011 6:21:13 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.50 Gb Total Space | 18.14 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 2.29 Gb Free Space | 30.29% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (stllssvr)
SRV - [2010/01/14 19:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/08/21 12:42:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/23 21:11:44 | 000,106,593 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 21:11:42 | 000,262,243 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Unknown (0) | On_Demand] -- -- (TfKbMon)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/10/09 19:54:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/14 19:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 19:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 19:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/25 06:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/08 22:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/11 22:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/07 00:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 10:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 19:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 13:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 12:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 12:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\christina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\christina_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\christina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\christina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>




========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 07:31:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/01 13:27:43 | 000,000,000 | ---D | M]

[2009/12/02 19:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christina\AppData\Roaming\Mozilla\Extensions
[2011/06/12 12:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\extensions
[2011/05/23 16:38:56 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010/07/29 17:54:10 | 000,000,873 | ---- | M] () -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\searchplugins\conduit.xml
[2011/03/24 11:42:13 | 000,001,742 | ---- | M] () -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\searchplugins\googlede-pws.xml
[2010/01/25 02:37:39 | 000,001,042 | ---- | M] () -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\searchplugins\wikipedia-eng.xml
[2010/01/25 02:38:12 | 000,001,720 | ---- | M] () -- C:\Users\christina\AppData\Roaming\Mozilla\Firefox\Profiles\5mfq0jqj.default\searchplugins\youtube-videosuche.xml
[2011/03/23 13:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\CHRISTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5MFQ0JQJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\CHRISTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5MFQ0JQJ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2009/10/20 17:17:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/01 07:31:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/03/19 04:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/02/19 13:13:30 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\christina_ON_C\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\christina_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/19 06:25:47 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\christina_ON_C Winlogon: Shell - (C:\Users\CHRIST~1\AppData\Local\Temp\0.15145164916126486.dll) - File not found
O24 - Desktop WallPaper: C:\MixedData\---\FRIENDS\mails\pics\stalin_12x10.jpg
O24 - Desktop BackupWallPaper: C:\MixedData\---\FRIENDS\mails\pics\stalin_12x10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c5cd0cf-b8af-11de-9fd5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3c5cd0cf-b8af-11de-9fd5-00038a000015}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8534fef1-b45e-11dc-9887-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8534fef1-b45e-11dc-9887-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{9e024890-bad3-11de-92b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e024890-bad3-11de-92b6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 07:38:04 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/06/07 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\christina\Desktop\Favorite - Christoph Alex (2011)
[2011/05/26 15:17:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/05/23 17:14:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/23 16:45:49 | 000,000,000 | ---D | C] -- C:\Users\christina\Documents\GomPlayer
[2011/05/23 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\christina\AppData\Roaming\GRETECH
[2011/05/23 16:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/05/22 14:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2 C:\Users\christina\AppData\Local\*.tmp files -> C:\Users\christina\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 11:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 11:00:43 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{461A203A-79D1-40D9-9052-B5D88055E755}.job
[2011/06/15 11:00:27 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/15 10:59:28 | 000,054,873 | ---- | M] () -- C:\Users\christina\AppData\Roaming\nvModes.001
[2011/06/15 10:59:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 10:59:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 10:59:22 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/14 18:23:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/14 16:58:40 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/14 16:58:40 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 16:58:40 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/14 16:58:40 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 14:50:40 | 000,242,176 | ---- | M] () -- C:\Users\christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 13:42:20 | 000,054,873 | ---- | M] () -- C:\Users\christina\AppData\Roaming\nvModes.dat
[2011/06/05 08:09:12 | 043,203,763 | ---- | M] () -- C:\Users\christina\Desktop\Dialektik im 20. Jahrhundert - 1 - Lenin, Lukacs, Horkheimer.mp3
[2011/05/27 09:22:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/23 16:40:01 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/05/23 16:39:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2 C:\Users\christina\AppData\Local\*.tmp files -> C:\Users\christina\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 08:03:59 | 043,203,763 | ---- | C] () -- C:\Users\christina\Desktop\Dialektik im 20. Jahrhundert - 1 - Lenin, Lukacs, Horkheimer.mp3
[2011/05/23 16:40:01 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2010/10/08 06:59:17 | 000,007,592 | ---- | C] () -- C:\Users\christina\AppData\Local\d3d9caps.dat
[2010/04/24 18:11:42 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/01/30 08:02:04 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/04/15 16:28:39 | 000,000,310 | ---- | C] () -- C:\Windows\doom3.ini
[2008/04/14 15:34:20 | 000,054,873 | ---- | C] () -- C:\Users\christina\AppData\Roaming\nvModes.001
[2008/04/14 15:33:50 | 000,054,873 | ---- | C] () -- C:\Users\christina\AppData\Roaming\nvModes.dat
[2008/01/14 12:26:57 | 000,242,176 | ---- | C] () -- C:\Users\christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 13:59:28 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/21 13:33:05 | 000,111,045 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/21 12:21:17 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2006/11/02 11:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,324,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:49:24 | 000,163,840 | ---- | C] () -- C:\Windows\System32\scrobj.dll
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/02/16 17:08:45 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Auslogics
[2010/10/09 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\DAEMON Tools Lite
[2010/07/29 17:50:11 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\DVDVideoSoft
[2010/07/10 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/18 09:35:13 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Feedreader by netzwelt
[2011/04/01 13:28:43 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Gutscheinmieze
[2010/08/23 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Iggels
[2010/10/09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\LucasArts
[2010/04/08 13:29:32 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\OpenOffice.org
[2011/05/31 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Opera
[2010/10/09 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\ScummVM
[2009/10/14 05:16:50 | 000,000,000 | ---D | M] -- C:\Users\christina\AppData\Roaming\Vodafone
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2010/10/09 19:53:58 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/07/17 07:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2010/04/07 09:20:06 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/10/16 14:01:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/10/14 06:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2007/12/26 13:34:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/06/15 11:02:30 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/15 11:00:43 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{461A203A-79D1-40D9-9052-B5D88055E755}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1CA73D29
< End of report >
What do I do next?

Thanks for your help!
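As an added triage example (not part of the original post and not OTL's own code), this Python script parses the "O" entries of an OTL log and flags the ones a log reader checks first: a Winlogon Shell value other than explorer.exe (the per-user O20 entry in the log above points at a DLL under Temp that no longer exists), EnableLUA = 0, and Run entries with an empty name or a missing target. The sample lines are copied from the log above; the rules are my own assumptions about what is worth flagging.

```python
"""Triage helper for OTL/OTLPE logs: flags the entries a log reader looks at first."""
import re
from dataclasses import dataclass

# Constructed sample: five lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\christina_ON_C Winlogon: Shell - (C:\Users\CHRIST~1\AppData\Local\Temp\0.15145164916126486.dll) - File not found
""".strip()


@dataclass
class Finding:
    line_no: int
    code: str      # OTL entry class, e.g. "O20"
    reason: str
    line: str


# "O20 - <body>": entry class, then the body of the entry.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O20 body: "<hive> Winlogon: Shell - (<value>) - <resolved file or 'File not found'>"
SHELL_RE = re.compile(r"^(?P<hive>HK\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
# O4 body: "<hive>..\Run: [<name>] <target>"
RUN_RE = re.compile(r"^(?P<hive>HK[^ ]*?)\.\.\\Run(Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")


def _reasons(code: str, body: str):
    """Yield one human-readable reason per rule that fires for this entry."""
    if code == "O20":
        m = SHELL_RE.match(body)
        if m and m["value"].lower() != "explorer.exe":
            yield f"Winlogon Shell is not explorer.exe: {m['value']}"
            if m["hive"].upper().startswith("HKU"):
                yield "per-user Shell value present; Windows does not set one by default"
            if "\\temp\\" in m["value"].lower():
                yield "Shell target lives under a Temp folder"
            if m["rest"].startswith("File not found"):
                yield "Shell target no longer exists; the registry value still points at it"
    elif code == "O6":
        m = re.search(r"EnableLUA = (\d+)", body)
        if m and m.group(1) == "0":
            yield "UAC disabled (EnableLUA = 0)"
    elif code == "O4":
        m = RUN_RE.match(body)
        if m and not m["name"]:
            yield "Run entry with an empty name"
        if m and m["rest"].startswith("File not found"):
            yield "Run entry whose target is missing"


def triage(log_text: str) -> list:
    """Return the findings for every O-entry in the log, in log order."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, file listings, blank lines
        code, body = m.groups()
        for reason in _reasons(code, body):
            findings.append(Finding(line_no, code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.code}] {f.reason}")
```

Run it against a full OTL log by passing the file contents to triage(); the entries it does not understand are simply skipped.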
