| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: weißer Bildschrim nach User Login unter Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.06.2013, 22:19
| #1 |
 |  weißer Bildschrim nach User Login unter Windows 7 Guten Abend zusammen, habe mir manch Themen angesehen aber wie Ihr selbst schreibt, sind Lösungen für die einzelnen Personen gedacht. Daher mein eigenes Thema. Ich bedanke mich vorab für Eure Hilfe und die von Euch eingesetzte Freizeit mir zu helfen. Problem nach dem Userlogin, wird der Desktop weiß, es gibt nichts zu sehen, klicken außer die kleine Leiste für die Sprachwahl.. CTRL STRG ENTF öffnet das Menü, der Klick auf den TAskmanager wird nicht ausgeführt. Ich habe OTLPE wie beschrieben geladen, gebrannt und ausgeführt. Anbei die Log Was nun? Code:
ATTFilter OTL logfile created on: 6/4/2013 1:23:05 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.88 Gb Total Space | 51.16 Gb Free Space | 46.56% Space Free | Partition Type: NTFS
Drive E: | 983.73 Mb Total Space | 420.47 Mb Free Space | 42.74% Space Free | Partition Type: FAT
Drive F: | 110.00 Gb Total Space | 100.96 Gb Free Space | 91.78% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2012/05/08 12:59:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 12:59:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 12:59:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/29 14:26:02 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/19 08:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/07/10 07:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 07:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/12 19:47:20 | 000,077,480 | ---- | M] () [Auto] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 04:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (VMC326)
DRV - File not found [Kernel | On_Demand] -- -- (VMC302)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/05/08 12:59:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 12:59:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/18 11:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser)
DRV - [2008/04/26 22:07:00 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/05/23 04:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 51 1F 09 92 7A CC 01 [binary data]
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\sven_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\sven_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\sven_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\sven_ON_C..\Run: [{19E4F906-0FCA-6C68-0686-DA2B181F56B4}] File not found
O4 - HKU\sven_ON_C..\Run: [4E3E0230AEBB4E96] File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\sven_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\sven_ON_C Winlogon: Shell - (C:\Users\sven\AppData\Roaming\skype.dat) - C:\Users\sven\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/11/08 07:07:50 | 000,000,000 | ---D | M] - F:\auto -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a86f58c5-9d2d-11e1-97a9-001377e14b62}\Shell - "" = AutoRun
O33 - MountPoints2\{a86f58c5-9d2d-11e1-97a9-001377e14b62}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ca0f17c0-1df1-11de-9017-001377e14b62}\Shell - "" = AutoRun
O33 - MountPoints2\{ca0f17c0-1df1-11de-9017-001377e14b62}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{ca9abea3-1ef1-11de-9b00-001377e14b62}\Shell - "" = AutoRun
O33 - MountPoints2\{ca9abea3-1ef1-11de-9b00-001377e14b62}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
[2013/04/11 14:36:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/11 14:36:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/04/11 14:36:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/11 14:36:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/11 14:36:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/11 14:36:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/11 14:36:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/04/11 14:36:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/11 14:36:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/11 14:36:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 08:14:32 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 08:14:31 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 08:14:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 08:14:28 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/10 08:14:26 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 60 Days ==========
[2013/06/03 15:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 15:12:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 15:12:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 15:12:36 | 000,000,004 | ---- | M] () -- C:\Users\sven\AppData\Roaming\skype.ini
[2013/06/03 14:49:36 | 000,000,680 | ---- | M] () -- C:\Users\sven\AppData\Local\d3d9caps.dat
[2013/06/03 14:47:41 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/05 10:29:02 | 000,000,912 | ---- | M] () -- C:\Users\sven\Desktop\Dokument.rtf
[2013/05/05 04:44:40 | 000,179,693 | ---- | M] () -- C:\Users\sven\Desktop\Einladung-Einladungskarten-Hochzeit-fhe%20(2).jpg
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/27 14:13:41 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/27 14:13:41 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/27 14:13:41 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/27 14:13:41 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/11 15:00:42 | 000,368,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013/05/07 04:04:01 | 000,000,004 | ---- | C] () -- C:\Users\sven\AppData\Roaming\skype.ini
[2013/05/05 10:29:02 | 000,000,912 | ---- | C] () -- C:\Users\sven\Desktop\Dokument.rtf
[2013/05/05 10:12:54 | 000,179,693 | ---- | C] () -- C:\Users\sven\Desktop\Einladung-Einladungskarten-Hochzeit-fhe%20(2).jpg
[2012/03/14 23:29:18 | 000,000,680 | ---- | C] () -- C:\Users\sven\AppData\Local\d3d9caps.dat
[2012/01/11 12:57:48 | 000,110,592 | ---- | C] () -- C:\Users\sven\AppData\Roaming\skype.dat
[2011/12/31 10:37:40 | 000,007,680 | ---- | C] () -- C:\Users\sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 06:32:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/08/22 14:13:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/22 14:13:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/31 08:55:13 | 000,001,007 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009/01/02 03:06:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 02:27:20 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009/01/02 02:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009/01/02 02:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009/01/02 02:18:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2009/01/02 02:18:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009/01/02 02:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009/01/02 01:59:29 | 000,675,412 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/01/02 01:59:29 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/01/02 01:59:29 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/01/02 01:59:29 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/01/02 01:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/02 01:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2009/01/02 01:51:03 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/02/09 12:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007/02/26 03:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,368,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/13 23:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2011/09/29 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\DVDVideoSoft
[2011/09/29 14:46:28 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/07/28 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\ICQ
[2011/06/21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Qiyl
[2012/12/29 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\RavensburgerTipToi
[2011/06/21 14:25:19 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Wyul
[2009/03/30 15:12:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/30 15:12:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/11/17 10:13:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/03/30 15:12:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/03/31 09:26:59 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2013/03/31 03:09:22 | 000,000,000 | ---D | M] -- C:\ProgramData\RavensburgerTipToi
[2009/01/02 02:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/30 15:12:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/03/30 15:12:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/01/02 02:46:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2013/06/03 15:12:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/16 08:56:54 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{27DB8BB8-9817-4932-A2CA-332B0EECBCA5}.job
========== Purity Check ==========
< End of report >
|
| Themen zu weißer Bildschrim nach User Login unter Windows 7 |
| adobe, antivir, autorun, avira, avira searchfree toolbar, bho, converter, defender, desktop, error, explorer, home, logfile, opera, plug-in, realtek, registry, software, taskmanager, trojan.agent.zr0, windows, öffnet |
Baum-Darstellung