BKA Trojaner / OLTPE LOG / automatischer Neustart beim abgesicherten Modus
Hallo zusammen,
Hab 'n BKA-Trojaner auf einem System und bin diesmal leider machtlos dagegen da ich nicht in den abgesicherten Modus komme. Bin kein totaler Neuling was Virenentfernung mit MBAM / Combofix usw. angeht aber in diesem Fall überfragt; nach einigen Nachforschungen poste ich hier letztlich nun das Log vom OLTPE - Suchlauf.
Wäre klasse wenn ihr mir helfen könnt, habe noch 2 weitere Rechner mit dem selben Problem. Code:
OTL logfile created on: 4/2/2013 8:16:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511.00 Mb Total Physical Memory | 320.00 Mb Available Physical Memory | 63.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.36 Gb Total Space | 43.95 Gb Free Space | 59.11% Space Free | Partition Type: FAT32
Drive D: | 72.21 Gb Total Space | 71.17 Gb Free Space | 98.56% Space Free | Partition Type: NTFS
Drive E: | 2.45 Gb Total Space | 0.48 Gb Free Space | 19.54% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/03/08 20:36:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 09:45:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 09:45:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:45:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/05/08 09:45:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:45:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:08:08 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009/10/08 16:55:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/11/10 12:34:00 | 000,126,878 | R--- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/11/10 12:34:00 | 000,013,360 | R--- | M] (NVIDIA Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\x_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\x_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/03/08 20:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/03/08 20:35:52 | 000,000,000 | ---D | M]
[2010/07/06 13:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\mozilla\Extensions
[2010/07/06 13:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\mozilla\Firefox\Profiles\d39j00r7.default\extensions
[2010/07/11 14:00:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\mozilla\Firefox\Profiles\d39j00r7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/08 13:10:22 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\mozilla\Firefox\Profiles\d39j00r7.default\extensions\toolbar@ask.com
[2013/03/08 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/03/08 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2013/03/08 20:36:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/10/15 23:29:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012/10/15 23:29:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/15 23:29:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/15 23:29:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/15 23:29:22 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/10/15 23:29:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
O1 HOSTS File: ([2002/08/29 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\x_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\x_ON_C..\Run: [RecordNow!] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261231492250 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\x_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\x_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.dat ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 11:58:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{46a9d9f4-1311-11df-b8d3-000c76c1bfce}\Shell\AutoRun\command - "" = L:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/04/02 14:05:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\x\Recent
[2013/04/02 13:56:36 | 000,000,000 | -HSD | C] -- C:\FOUND.022
[2013/03/29 08:24:58 | 000,000,000 | -HSD | C] -- C:\FOUND.021
[2013/03/29 01:20:52 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2013/03/21 22:38:31 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/21 22:38:31 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/09 06:48:08 | 000,000,000 | -HSD | C] -- C:\FOUND.019
[2013/03/08 20:35:48 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/02 18:35:44 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.ini
[2013/04/02 18:34:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 13:56:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/31 10:24:12 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/28 23:35:28 | 000,084,992 | R--- | M] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.dat
[2013/03/19 11:35:46 | 000,000,416 | ---- | M] () -- C:\Dokumente und Einstellungen\x\Eigene Dateien\spider.sav
[2013/03/16 15:17:16 | 000,002,367 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 4.0.lnk
[2013/03/13 09:17:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/28 23:46:53 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.ini
[2013/03/28 23:42:29 | 000,084,992 | R--- | C] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\skype.dat
[2012/10/11 11:43:26 | 000,032,768 | RH-- | C] () -- C:\Dokumente und Einstellungen\x\Recent.000
[2012/02/17 08:24:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/02/06 12:18:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010/01/21 15:37:51 | 000,104,007 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/01/21 15:37:51 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/01/21 15:37:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/12/21 12:02:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/17 13:01:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/17 12:34:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2009/12/17 12:34:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2009/12/17 12:34:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2009/12/17 12:34:54 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2009/12/17 12:29:59 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/17 12:29:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/12/17 12:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/12/17 12:08:19 | 000,126,878 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2009/12/17 12:07:56 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2009/12/17 12:07:56 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/12/17 12:00:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/17 11:56:09 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/17 11:52:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/17 11:51:17 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/22 19:20:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 12:00:00 | 000,448,892 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 12:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 12:00:00 | 000,080,332 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 12:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/21 06:00:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\InTouchViewer.dll
[2001/09/21 05:59:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InTouchCOMClient.dll
[2001/09/17 09:49:22 | 000,421,888 | R--- | C] () -- C:\WINDOWS\System32\XMLParser.dll
[2001/09/17 09:49:20 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\dbsock.dll
[2001/09/17 09:49:20 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\Transport.dll
[2001/09/17 09:48:54 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2001/09/17 09:48:54 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2001/09/17 09:48:54 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2001/09/17 09:48:54 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2001/09/17 09:48:54 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2001/09/17 09:48:54 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2001/09/17 09:48:54 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2001/09/17 09:48:52 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2001/09/17 09:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/08/27 18:40:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/27 18:39:30 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
========== LOP Check ==========
[2012/06/02 14:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\T-Online
[2009/12/17 12:13:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\InterTrust
[2010/01/22 13:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\ACD Systems
[2010/02/06 12:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Template
[2011/03/06 16:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\T-Online
[2011/07/09 09:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\AskToolbar
[2011/09/03 12:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Leadertech
[2011/11/04 15:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\elsterformular
[2012/04/27 08:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\pdfforge
[2012/04/27 09:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\PDF Software
[2009/12/17 12:13:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010/01/21 14:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011/03/06 16:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2011/08/23 20:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft
[2011/11/04 15:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/07/08 13:10:22 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2013/02/06 12:32:16 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3DAB6415-8B0A-42DC-B9C4-AC4ACB970DE0}.job
========== Purity Check ==========
< End of report >
|
