| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computerkriminalität des Criminal Intelligence Service Einheit 5.2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.08.2012, 05:16
| #7 |
| |  Computerkriminalität des Criminal Intelligence Service Einheit 5.2 Alles klar! Hier ist er: OTL Logfile: Code:
ATTFilter OTL logfile created on: 8/28/2012 8:11:03 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
511.00 Mb Total Physical Memory | 320.00 Mb Available Physical Memory | 63.00% Memory free
459.00 Mb Paging File | 341.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18.63 Gb Total Space | 1.62 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - [2012/08/27 14:05:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/27 13:14:40 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 20:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/29 08:04:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 11:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/08 14:24:34 | 000,072,704 | ---- | M] (Autodata Limited) [Auto] -- C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2008/03/16 11:51:56 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/06/01 15:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/05/08 03:56:44 | 000,049,214 | ---- | M] (Dassault Systemes) [Auto] -- C:\Programme\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
========== Driver Services (SafeList) ==========
DRV - [2011/03/16 11:41:30 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 09:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/08 14:16:39 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/17 11:58:00 | 000,560,640 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2005/12/07 11:27:52 | 000,013,324 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\krait.sys -- (krait03)
DRV - [2005/11/10 06:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 08:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/07/11 09:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Karli_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://suche.aon.at
IE - HKU\Karli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Karli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/08/27 12:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/08/27 13:17:28 | 000,000,000 | ---D | M]
[2009/07/06 03:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\mozilla\Extensions
[2012/08/27 13:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\mozilla\Firefox\Profiles\2dlmsty0.default\extensions
[2012/08/27 13:02:32 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\mozilla\Firefox\Profiles\2dlmsty0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/07/08 14:21:45 | 000,002,395 | ---- | M] () -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Mozilla\Firefox\Profiles\2dlmsty0.default\searchplugins\daemon-search.xml
[2009/07/22 07:15:45 | 000,001,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Mozilla\Firefox\Profiles\2dlmsty0.default\searchplugins\winamp-search.xml
[2012/08/27 12:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2012/07/13 20:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/07/13 20:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/13 20:45:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/13 20:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/13 20:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/13 20:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001/08/18 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\Karli_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Krait] C:\Programme\Razer\Krait\razerhid.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Wireless USB Utility.lnk = C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Dokumente und Einstellungen\Karli\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/08/28 10:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/28 10:24:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Karli\Lokale Einstellungen\Anwendungsdaten\Sun
[2012/08/27 19:51:49 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/08/27 19:51:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/27 13:27:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/08/27 13:19:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012/08/27 13:17:28 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/08/27 13:17:27 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/27 13:16:18 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/27 13:16:17 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/27 13:16:17 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/27 12:56:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012/08/27 12:56:45 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/08/25 05:09:27 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/07/31 12:47:02 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2009/07/06 03:04:02 | 007,946,536 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 3.5.exe
========== Files - Modified Within 30 Days ==========
[2012/08/28 11:45:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 11:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/28 10:40:41 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acrobat Distiller 7.0.lnk
[2012/08/28 10:40:41 | 000,002,359 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Designer 7.0.lnk
[2012/08/28 10:40:41 | 000,002,359 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2012/08/28 10:40:41 | 000,002,353 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Acrobat 7.0 Professional.lnk
[2012/08/28 10:40:41 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/08/28 10:31:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/27 14:05:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/27 14:05:36 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/27 14:02:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 13:43:45 | 000,482,614 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/08/27 13:43:45 | 000,460,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/27 13:43:45 | 000,094,110 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/08/27 13:43:45 | 000,076,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/27 13:14:56 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/27 13:14:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/27 13:14:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/27 13:14:06 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/27 13:14:05 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/27 13:13:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/08/27 13:13:56 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/27 12:56:54 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/27 12:56:53 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012/08/27 12:56:53 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/25 05:09:28 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/08/25 04:29:00 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/24 14:30:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2012/08/27 14:14:17 | 000,002,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2012/08/27 12:56:53 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012/07/31 12:47:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/20 11:50:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/07/06 03:06:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/19 11:47:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/05 07:34:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\getfile.dat
[2009/01/06 11:59:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/06 11:59:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\msyuv.dll
[2008/11/02 15:44:00 | 000,000,248 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/11/02 15:43:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/11/02 15:43:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/11/02 15:43:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/11/02 15:43:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/11/02 15:42:33 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/05/18 08:47:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/22 05:47:57 | 000,000,982 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/03/31 15:34:38 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/03/31 15:34:37 | 000,000,722 | ---- | C] () -- C:\Programme\HP DeskJet 610C Serie v11.2 Toolbox.lnk
[2008/03/31 15:34:08 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini
[2008/03/17 14:59:42 | 000,000,110 | ---- | C] () -- C:\WINDOWS\festo.ini
[2008/03/16 11:39:10 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/12 16:29:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/12 15:38:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/03/11 17:37:23 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Karli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/11 17:25:24 | 008,282,187 | ---- | C] () -- C:\Programme\vlc-0.8.5-win32.exe
[2008/03/11 17:10:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/11 16:59:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/11 16:47:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/11 16:45:13 | 000,210,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/01 15:06:00 | 000,031,232 | R--- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/06/01 15:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2005/07/12 09:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/23 11:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/01/13 22:24:21 | 030,143,040 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2004/01/06 19:19:21 | 000,560,640 | R--- | C] () -- C:\WINDOWS\System32\drivers\hcw95bda.sys
[2004/01/06 19:19:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\iyuv_32.dll
[2004/01/06 19:19:21 | 000,015,616 | R--- | C] () -- C:\WINDOWS\System32\drivers\hcw95rc.sys
[2004/01/06 19:19:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\tsbyuv.dll
[2004/01/06 19:19:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\msh263.drv
[2003/03/14 07:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2002/08/28 22:54:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,482,614 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 06:00:00 | 000,460,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,094,110 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 06:00:00 | 000,076,996 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/03/03 05:39:29 | 000,036,352 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
========== LOP Check ==========
[2009/07/08 14:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\DAEMON Tools Lite
[2008/03/21 11:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\DassaultSystemes
[2012/08/25 12:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Iqbua
[2009/02/05 07:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\mquadr.at
[2008/04/19 13:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Opera
[2012/08/27 19:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\Osky
[2008/05/16 15:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Karli\Anwendungsdaten\S.A.D
[2011/10/22 10:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2010/09/25 04:42:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Awem
[2009/07/08 14:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2008/03/21 11:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
[2009/02/05 07:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2009/02/05 07:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2011/01/24 12:16:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/02/05 07:27:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}
[2009/02/05 07:29:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8AF9D3CF-B9B5-4F8E-B47F-D26DF984D190}
[2009/02/05 07:28:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
========== Purity Check ==========
< End of report >
Danke |
| Themen zu Computerkriminalität des Criminal Intelligence Service Einheit 5.2 |
| .dll, adobe, adobe flash player, antivir, avira, bho, bildschirm, desktop, einstellungen, error, explorer, firefox, flash player, format, logfile, object, plug-in, registry, scan, secure, security, software, usb, warnung, windows, windows xp |
Baum-Darstellung