| chiisana | 09.09.2011 07:31 |
BKA Virus nerviger denn je :(
Hey Leute habe4 hier gerade den Rechner meines Bruder stehen der sich den Bka Trojaner eingefangen hat und auch eine variante die nerviger ist als die ersten Versionen.
Er lässt mich nicht im Abgesicherten Modus fahren und auch die WindowsCd lässt sich nicht booten.
Deshalb habe ich jetzt mit OTLPENet.exe erst mal den Rechner bootfähig gemacht und habe mir den OLT.txt herrausscanen lassen eine extra.txt ist dabei nicht entstanden.
Deshalb die frage ob sich mal jemand den Log anschauen kann und mir da helfen kann.
ggf. ob ich noch mal Malewarebytes drauf machen soll und ein vollscan nützlich ist PHP-Code:
OTL logfile created on: 9/9/2011 9:34:42 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19.53 Gb Total Space | 1.02 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
Drive D: | 61.50 Mb Total Space | 39.53 Mb Free Space | 64.28% Space Free | Partition Type: FAT32
Drive E: | 24.41 Gb Total Space | 20.09 Gb Free Space | 82.29% Space Free | Partition Type: NTFS
Drive F: | 30.57 Gb Total Space | 21.68 Gb Free Space | 70.93% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/08/01 14:47:48 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/07/06 07:23:40 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/07/06 07:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 18:07:13 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/24 18:07:09 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/07/09 03:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/11/15 04:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/10/31 01:27:58 | 000,118,784 | ---- | M] (NVIDIA) [Auto] -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (w32n5223)
DRV - File not found [Kernel | On_Demand] -- -- (USBModem)
DRV - File not found [Kernel | On_Demand] -- -- (UsbDiag)
DRV - File not found [Kernel | On_Demand] -- -- (usbbus)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (DT154_A02)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/10/30 13:45:19 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/04 06:09:15 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/05 17:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/31 09:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/05/27 17:14:21 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 17:14:15 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 17:14:13 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/07/09 03:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/26 21:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/20 21:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/20 21:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/20 21:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/20 21:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/20 21:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/20 21:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/19 09:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/03/01 11:27:26 | 004,484,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/31 01:29:06 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/08/14 02:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/11 09:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 09:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/08/22 11:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 11:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ranel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.plusnetwork.com
IE - HKU\Ranel_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Ranel_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKU\Ranel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Programme\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/01 17:09:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/09/01 17:09:46 | 000,000,000 | ---D | M]
[2011/09/06 17:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/07/24 06:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2006/08/09 06:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npWebLaunch.dll
[2010/12/12 11:25:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/07/24 08:20:05 | 000,002,319 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2010/12/12 11:25:29 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/12 11:25:29 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/12/12 11:25:29 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/12/12 11:25:29 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001/08/18 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKU\Ranel_ON_C\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKU\Ranel_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\Ranel_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [SpybotDeletingA3682] C:\WINDOWS\System32\command.com ()
O4 - HKU\Ranel_ON_C..\RunOnce: [KeApplet] File not found
O4 - HKU\Ranel_ON_C..\RunOnce: [SpybotDeletingD1265] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v3 Setup-Assistent.lnk = C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Ranel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\jashla.exe) - C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\jashla.exe (Start Jig Bikini Hack Chips)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008/08/22 17:03:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/09/06 18:02:43 | 000,192,000 | ---- | C] (Start Jig Bikini Hack Chips) -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\jashla.exe
[2011/08/23 17:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\Help
[2009/10/04 14:29:32 | 000,647,168 | ---- | C] (G-Collections) -- C:\Dokumente und Einstellungen\Ranel\KZNRUS.exe
[2009/03/17 06:02:15 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/03/17 06:02:15 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/09/08 19:26:41 | 114,825,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/09/08 19:26:41 | 001,348,364 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/09/08 19:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 19:26:27 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/09/08 19:26:13 | 000,000,335 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/09/08 07:10:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 18:02:43 | 000,192,000 | ---- | M] (Start Jig Bikini Hack Chips) -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\jashla.exe
[2011/09/05 16:54:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/04 07:44:02 | 000,000,472 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk
[2011/08/24 13:57:58 | 000,000,107 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/15 14:32:40 | 000,152,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Ranel\Eigene Dateien\ts3_clientui-win32-14954-2011-08-15 20_32_39.109375.dmp
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/08/24 13:57:58 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/15 14:32:39 | 000,152,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\Eigene Dateien\ts3_clientui-win32-14954-2011-08-15 20_32_39.109375.dmp
[2011/06/19 12:52:39 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/19 12:52:39 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/19 12:52:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/19 12:51:01 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/17 15:57:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/02/06 12:16:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/26 17:10:39 | 005,086,237 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\img055.jpg
[2009/10/04 14:46:08 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\KZNRUS.SUF
[2009/10/04 06:09:15 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/10/04 06:09:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/09/21 16:06:19 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\setup_ldm.iss
[2009/08/07 22:20:17 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/07 22:20:17 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\PnkBstrK.sys
[2009/08/07 12:34:30 | 000,215,104 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/08/07 12:34:13 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/02/16 06:23:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/16 06:23:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/16 06:23:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/05 10:07:55 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2008/09/27 07:46:21 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Ranel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 03:49:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/22 03:49:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/23 07:20:49 | 114,825,248 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/08/23 07:18:09 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/08/23 07:18:06 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2008/08/23 07:18:06 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2008/08/23 07:17:48 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/23 07:09:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/23 06:59:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/08/23 06:58:59 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2008/08/22 17:45:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/22 17:44:52 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/22 17:05:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/22 17:01:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/10 06:51:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/08/16 09:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 09:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/22 12:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,516,592 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 08:00:00 | 000,493,368 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,100,638 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 08:00:00 | 000,083,912 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/14 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[color=#E56717]========== LOP Check ==========[/color]
[2008/10/04 08:17:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\.#
[2011/07/24 08:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\Babylon
[2009/03/02 06:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\FOG Downloader
[2010/07/07 03:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\ICQ
[2010/06/02 15:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\InterTrust
[2009/09/21 16:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\Leadertech
[2011/08/20 15:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\PriceGong
[2008/12/24 20:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\Sony
[2009/01/17 07:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\TomTom
[2011/07/31 17:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\TS3Client
[2010/08/01 14:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ranel\Anwendungsdaten\TuneUp Software
[2011/07/24 08:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011/03/28 04:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2011/02/03 06:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eJhPfKp06504
[2011/03/28 04:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2009/05/31 12:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008/08/23 07:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2011/07/25 11:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2008/12/24 20:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2009/01/17 07:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2010/08/01 14:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/08/01 14:46:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/09/08 19:26:27 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Danke schon mal im Vorraus |
