Trojaner - Weißer Bildschirm, Please wait while connection is being established
Hallo :),
Leider wurde nun auch der Rechner (Vista) meiner Mutter von diesem lästigen Quälgeist befallen. Weißer Bildschirm, dt.+engl. Aufforderung zu warten bis die Verbindung hergestellt ist.
Am Rande erwähnt mittlerweile der dritte oder vierte Trojaner innerhalb von 6 Monaten. Vermutlich schützt sie ihren Pc bei weitem nicht ausreichend.
Für die Hilfe beim aktuellen Problem, sowie für Tipps die ich ihr geben kann um den Rechner in Zukunft davor zu schützen, wäre ich Ihnen sehr dankbar.
Hier die OTL.txt PHP-Code:
OTL logfile created on: 3/21/2012 8:25:46 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.90 Gb Total Space | 149.13 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive E: | 8.98 Gb Total Space | 1.66 Gb Free Space | 18.51% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/10/11 09:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 09:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/09 18:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/09 18:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 06:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lilly_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\Lilly_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\Lilly_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Lilly_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lilly_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.5
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 15:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/09 19:12:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Lilly\AppData\Roaming\5015 [2011/06/07 11:37:24 | 000,000,000 | ---D | M]
[2009/05/12 12:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lilly\AppData\Roaming\Mozilla\Extensions
[2012/03/13 09:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\extensions
[2010/06/15 22:55:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 12:46:25 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\extensions\2020Player@2020Technologies.com
[2009/05/15 07:50:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\extensions\moveplayer@movenetworks.com
[2011/11/02 18:29:18 | 000,000,933 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\searchplugins\11-suche.xml
[2011/11/02 18:29:18 | 000,002,419 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\searchplugins\englische-ergebnisse.xml
[2011/11/02 18:29:18 | 000,010,525 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\searchplugins\gmx-suche.xml
[2011/11/02 18:29:18 | 000,002,457 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\searchplugins\lastminute.xml
[2011/08/14 05:42:51 | 000,005,508 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Mozilla\Firefox\Profiles\ds4l8uds.default\searchplugins\webde-suche.xml
[2009/05/12 12:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/07 11:37:24 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\LILLY\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\LILLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DS4L8UDS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/02/26 15:37:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/30 09:27:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/30 09:27:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/30 09:27:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/30 09:27:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/30 09:27:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/30 09:27:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\Lilly_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCFix] C:\Program Files\PCFix\PCFix.exe (Dubai Click LLC)
O4 - HKLM..\Run: [SymLnch] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Lilly_ON_C..\Run: [Newwin] C:\Users\Lilly\AppData\Roaming\Servtree\helpnew.exe ()
O4 - HKU\Lilly_ON_C..\Run: [Userinit] File not found
O4 - HKU\Lilly_ON_C..\Run: [ZPseiK15zRSy1wG] C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe (lyqU)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Lilly_ON_C Winlogon: Shell - (C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe) - C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe (lyqU)
O20 - HKU\Lilly_ON_C Winlogon: UserInit - (C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe) - C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe (lyqU)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9659c8a8-448d-11df-9964-001f16512dba}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{a8c805bb-7a0a-11de-9d15-001f16512dba}\Shell\AutoRun\command - "" = F:\autorun\autorun.bat SIIM2009_Index.pdf
O33 - MountPoints2\{a8c805bb-7a0a-11de-9d15-001f16512dba}\Shell\intro\command - "" = F:\autorun\autorun.bat SIIM2009_Index.pdf
O33 - MountPoints2\{b856d15d-49bf-11e1-8f02-001f16512dba}\Shell - "" = AutoRun
O33 - MountPoints2\{b856d15d-49bf-11e1-8f02-001f16512dba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/03/19 17:04:50 | 000,294,912 | ---- | C] (lyqU) -- C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe
[1 C:\Users\Lilly\AppData\Roaming\*.tmp files -> C:\Users\Lilly\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/03/21 14:04:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 13:30:36 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1478822-2732-47E9-8ECB-462848417A2A}.job
[2012/03/21 13:28:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 13:28:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 13:28:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 13:28:00 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 17:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/19 17:04:44 | 000,294,912 | ---- | M] (lyqU) -- C:\Users\Lilly\AppData\Roaming\hw56suzj11.exe
[2012/03/19 15:58:22 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/15 01:23:14 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/26 17:08:45 | 000,002,735 | ---- | M] () -- C:\Users\Lilly\Desktop\Microsoft Office Outlook 2003.lnk
[2012/02/23 04:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Users\Lilly\AppData\Roaming\*.tmp files -> C:\Users\Lilly\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2010/11/08 21:03:48 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/08 21:03:47 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BXD2140.DAT
[2010/06/28 09:10:31 | 000,000,808 | ---- | C] () -- C:\Windows\System32\OKIPAR.DAT
[2010/02/25 09:57:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/06/17 14:11:00 | 000,007,592 | ---- | C] () -- C:\Users\Lilly\AppData\Local\d3d9caps.dat
[2009/05/27 15:11:37 | 000,031,744 | ---- | C] () -- C:\Users\Lilly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/12 12:49:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/12 11:56:12 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/12 11:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 08:03:45 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/08/02 08:03:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/08/02 08:03:45 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/08/02 08:03:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/08/01 23:47:20 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,297,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[color=#E56717]========== LOP Check ==========[/color]
[2011/06/07 11:37:24 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\5015
[2011/06/06 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\kock
[2011/05/30 11:08:18 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\PCFix
[2009/09/05 05:20:37 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\PlayFirst
[2011/02/15 01:11:26 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\Servtree
[2009/09/05 05:19:43 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\WildTangent
[2011/06/06 17:04:51 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\xmldm
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2012/03/16 13:53:02 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/21 13:30:36 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D1478822-2732-47E9-8ECB-462848417A2A}.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Liebe Grüße :) |
