| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Bundespolizei..."auf dem Notebook und der Book ist gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.08.2011, 10:46
| #1 |
 |  "Bundespolizei..."auf dem Notebook und der Book ist gesperrt Hallo! Auf dem Notebook kommt nach Anmeldung eine bunte Seite mit "Bundespolizei hat festgestellt ... blablabla... 100,- Euro bezahlen um zu entsperren... Ich bin hier im Forum mit Hilfe der Tante Guugle gelandet und alle betreffende Threads durchgelesen. Vorab habe ich die Notebook-Platte an einem Rechner getestet und durch verschiedene AV-Programme durchsucht - nur Eset hat diese jshle.exe gefunden und gelöscht, aber sobald der Book gestartet ist war das Bild wieder da - und die Datei auch. Also wie beschrieben OTL-CD erstellt, gestartet und so sieht der Ergebnis aus : (es wurde nur die eine Datei erstellt - keine "Extras-Datei") Code:
ATTFilter
OTL logfile created on: 8/3/2011 1:26:29 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894.00 Mb Total Physical Memory | 687.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 718.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.25 Gb Total Space | 52.01 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 45.12 Gb Total Space | 45.04 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2009/01/12 16:59:58 | 000,164,097 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe -- (AntiVirMailService)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe -- (AntiVirService)
SRV - [2008/06/12 08:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE -- (antivirwebservice)
SRV - [2008/05/16 04:19:16 | 000,344,321 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2008/05/09 07:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe -- (AVEService)
SRV - [2007/09/26 05:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/26 05:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007/06/28 20:25:03 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 13:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/11/17 14:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (mailKmd)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/06/04 15:19:57 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/04 15:18:03 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys -- (avgntflt)
DRV - [2009/06/04 15:17:58 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys -- (avgio)
DRV - [2008/05/07 08:20:00 | 000,071,592 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2008/05/07 04:51:05 | 000,071,464 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/21 08:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2007/02/01 05:55:10 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 07:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/14 08:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\tillmanns_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\tillmanns_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\tillmanns_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\tillmanns_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\tillmanns_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAFEHOME HotKeys] C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\tillmanns_ON_C..\Run: [] File not found
O4 - HKU\tillmanns_ON_C..\Run: [avupdate] C:\Users\tillmanns\AppData\Roaming\jashla.exe (Legion)
O4 - HKU\tillmanns_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\tillmanns_ON_C..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\tillmanns_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\tillmanns_ON_C..\Run: [WeatherBugAlert] C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\tillmanns_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O7 - HKU\tillmanns_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/01 17:57:08 | 000,192,000 | ---- | C] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
[2010/02/03 18:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/03 04:44:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 04:41:04 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/03 04:41:04 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 04:41:04 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/03 04:41:04 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 04:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job
[2011/08/03 04:36:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 04:36:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 04:36:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 04:35:41 | 937,672,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 02:34:17 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/08/02 01:34:02 | 000,000,000 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\{0C69701B-E732-4175-9003-8EE4BE8C3C58}
[2011/08/02 00:49:51 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/02 00:09:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 17:57:08 | 000,192,000 | ---- | M] (Legion) -- C:\Users\tillmanns\AppData\Roaming\jashla.exe
[2011/07/23 03:48:54 | 000,015,872 | ---- | M] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Users\tillmanns\AppData\Local\*.tmp files -> C:\Users\tillmanns\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/03 04:35:41 | 937,672,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/02 01:34:02 | 000,000,000 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\{0C69701B-E732-4175-9003-8EE4BE8C3C58}
[2011/08/02 00:49:41 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/27 05:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/04/26 18:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/19 05:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 05:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/14 23:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/03/30 08:28:46 | 000,000,680 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\d3d9caps.dat
[2007/11/07 11:34:33 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/11/07 11:27:22 | 000,021,762 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/02 12:19:17 | 000,015,872 | ---- | C] () -- C:\Users\tillmanns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/02 11:12:23 | 000,000,122 | ---- | C] () -- C:\Users\tillmanns\AppData\Roaming\wklnhst.dat
[2007/10/02 10:12:16 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/10/02 10:12:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/29 06:05:51 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/06/28 20:50:21 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/06/28 20:43:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/28 20:43:32 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,368,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010/09/09 02:12:08 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\EurekaLog
[2007/10/02 10:00:56 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\InterVideo
[2007/10/02 11:32:29 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\Template
[2011/05/27 10:07:28 | 000,000,000 | ---D | M] -- C:\Users\tillmanns\AppData\Roaming\VistaCodecs
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2007/10/02 09:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2007/10/02 10:17:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SBT
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/27 10:07:27 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2007/10/02 09:27:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/08/02 02:34:17 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2008/08/21 09:37:21 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/08/03 04:43:55 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/03 04:40:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3AA20BDA-7881-4C8E-B1B6-4835E47BC8C9}.job
========== Purity Check ==========
< End of report >
Grüße Pirxis |
| Themen zu "Bundespolizei..."auf dem Notebook und der Book ist gesperrt |
| adobe, avira, bho, defender, error, euro, explorer, format, gesperrt, home, hotkey.sys, hotkeys, jashla.exe, launch, logfile, microsoft, notebook, nvidia, object, pdf, realtek, reatogo, registry, scan, sched.exe, security, symantec, tan, vista, winlogon |
Baum-Darstellung