| thorhmself | 26.06.2011 20:10 |
Logfileauswertung nach Befall durch BKA Trojaner.
Hallo liebes Forum,
meine Mitbewohnerin wurde Opfer des BKA Trojaners.
Mit der Kaspersky Rettungs-CD habe ich den PC wenigstens zum Laufen gebracht. Wie hier empfohlen habe ich dann erstmal mit Malwarebyte das System komplett gescannt und anschließend OTL einen Custom Scan ausführen lassen.
Ich poste hier mal die Logfiles.
Malwarebyte (alte Logfiles gibt es leider nicht, sie hatte aber vor 6 Wochen schonmal einen Virus auf dem PC, den ihr Bruder entfernen sollte): Zitat:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6954
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.06.2011 20:14:46
mbam-log-2011-06-26 (20-14-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 235690
Laufzeit: 42 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
Extras:
[QUOTE][OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 6/26/2011 9:28:38 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894.00 Mb Total Physical Memory | 692.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 716.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 86.05 Gb Total Space | 31.17 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet003
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{949D34E5-F53F-4830-9A50-1E2C39109043}_is1" = PNotes 7.0.107
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54CFB6D-EA5C-4B8A-AD6C-60AD78CA1031}" = Nero 7 Essentials
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E12DA139-1E5B-46DB-BAEA-683DC9F27CBC}" = ATI Catalyst Control Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Tine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
< End of report >
--- --- ---
Wäre super, wenn ihr mir helfen könntet, wie es weiter geht weiß ich nämlich absolut nicht.
Vielen Dank schonmal im voraus.
Liebe Grüße,
Jonas
Oh mir ist gerade aufgefallen, dass ich in meinem ersten Post aus Versehen 2mal die "Extra" Log gepostet habe und die OTL Log vergessen habe.
Hier deswegen die richtige OTL Log:
Ach ja und noch eine Frage. Wie kann ich Dateien auf dem infizierten Rechner sichern, ohne meinen USB Stick/externe Festplattte usw. in Gefahr zu bringen auch infiziert zu werden? Reicht es aus, wenn ich den PC von der OTL CD aus starte?
OTL Logfile: Code:
OTL logfile created on: 6/26/2011 9:28:38 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894.00 Mb Total Physical Memory | 692.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 716.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 86.05 Gb Total Space | 31.17 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.)
DRV - (BsStor) -- C:\WINDOWS\System32\drivers\BsStor.sys (Cyberlink Co.,Ltd.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tine_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/05/06 10:49:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/05/03 05:34:42 | 000,000,000 | ---D | M]
[2011/05/25 13:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2011/05/25 16:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\csnb2i07.default\extensions
[2011/05/25 16:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\csnb2i07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/25 16:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\csnb2i07.default\extensions\staged-xpis
[2011/06/18 04:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/06/14 04:43:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/01 04:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/01 04:18:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/01 04:18:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/02 11:58:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011/03/10 13:24:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/10 13:24:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/10 13:24:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/10 13:24:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/10 13:24:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\Tine_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Tine_ON_C..\Run: [LightScribe Control Panel] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\Tine\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tine_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/23 15:01:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
[2011/06/26 13:50:09 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/06/18 17:40:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2011/06/16 13:19:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/15 08:57:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/05/29 05:05:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/29 05:05:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/29 05:03:20 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/29 05:03:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/29 05:02:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/29 04:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/29 04:39:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011/05/29 04:39:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/29 04:31:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/05/29 04:24:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/28 06:22:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2011/05/26 17:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011/05/26 16:57:49 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tine\PrivacIE
[2011/05/26 16:55:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tine\Startmenü\Programme\Accessories
[2011/05/26 16:55:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tine\IETldCache
[2011/05/26 16:40:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/26 16:36:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/26 16:33:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/05/26 16:33:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/05/26 16:33:33 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/05/26 16:33:32 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/05/26 16:33:30 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/05/26 16:05:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/26 16:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2011/05/26 16:01:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/05/26 16:01:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/05/26 16:00:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/05/25 17:11:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/25 16:52:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011/05/25 12:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011/05/25 12:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011/05/25 12:38:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011/05/25 12:38:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011/05/25 12:38:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011/05/25 12:38:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011/05/25 12:38:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011/05/25 12:38:14 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011/05/25 12:38:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011/05/25 12:38:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011/05/25 12:38:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011/05/25 12:38:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011/05/25 12:38:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2011/05/25 12:38:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011/05/25 12:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011/05/25 12:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011/05/25 12:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011/05/22 04:29:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Malwarebytes
[2011/05/22 04:28:51 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/22 04:28:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/05/22 04:28:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/05/22 04:28:37 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/22 04:28:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/05/21 18:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/21 18:00:56 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/10 11:00:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/10 10:59:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/05/10 10:59:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2011/06/26 14:16:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 13:26:17 | 000,000,774 | ---- | M] () -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/06/26 10:56:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 17:44:21 | 000,459,446 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/06/18 17:44:21 | 000,441,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 17:44:21 | 000,071,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 17:44:20 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/06/16 13:13:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/06 14:43:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/30 18:12:59 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 05:32:01 | 000,216,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/29 04:54:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/29 04:39:57 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zubehör
[2011/05/29 04:31:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011/05/29 03:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 03:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 15:15:49 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011/05/25 12:43:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/25 12:43:25 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 10:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/05/03 15:48:36 | 000,002,305 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 7.0.lnk
[2011/05/02 11:31:52 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/04/29 23:01:14 | 000,758,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/26 13:26:17 | 000,000,774 | ---- | C] () -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/29 04:55:39 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Startmenü\Programme\Windows Media Player.lnk
[2011/05/25 12:43:25 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 12:38:15 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2011/05/25 12:38:15 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk
[2011/01/09 10:59:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/09 10:59:22 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Tine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/05 01:27:53 | 000,010,615 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2010/11/06 09:24:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 08:34:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/24 14:13:35 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/23 16:25:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/23 15:56:59 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2010/10/23 15:56:59 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2010/10/23 15:47:56 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\Tine_KBD.ini
[2010/10/23 15:47:56 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2010/10/23 15:47:54 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2010/10/23 15:47:54 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2010/10/23 15:47:54 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2010/10/23 15:47:54 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2010/10/23 15:47:54 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2010/10/23 15:47:54 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2010/10/23 15:47:54 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2010/10/23 15:47:54 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2010/10/23 15:47:54 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2010/10/23 15:47:54 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2010/10/23 15:47:54 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2010/10/23 15:47:54 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2010/10/23 15:47:54 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2010/10/23 15:47:54 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2010/10/23 15:47:54 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2010/10/23 15:47:54 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2010/10/23 15:47:54 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2010/10/23 15:47:54 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2010/10/23 15:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/23 15:40:05 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/10/23 15:38:52 | 000,216,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/23 15:38:34 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\MagicQ.exe
[2010/10/23 15:38:34 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\WLANUpdate.exe
[2010/10/23 15:38:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mdslmmax.exe
[2010/10/23 15:38:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RemoveWLAN.exe
[2010/10/23 15:38:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ACUClose.exe
[2010/10/23 15:37:41 | 000,000,860 | R--- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010/10/23 15:37:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/10/23 15:37:39 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/23 15:35:04 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Tine\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/10/23 15:31:42 | 000,121,995 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/23 15:03:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 14:58:13 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/23 08:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 08:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,459,446 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,441,708 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,722 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,071,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/31 01:32:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 01:30:56 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
========== LOP Check ==========
[2010/12/06 17:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Dropbox
[2010/11/01 04:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\OpenOffice.org
========== Purity Check ==========
< End of report >
--- --- --- |
