protomolecul | 26.12.2012 19:27 | GVU Trojan, OTL.txt, OTL analysis
Hello!
We have a GVU Trojan on a Windows 7 PC. It could not be removed by booting from an antivirus CD. After Windows starts, the supposed warning message from the GVU immediately appears again.
The OTL.txt follows: Code:
OTL logfile created on: 12/26/2012 7:05:25 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 74.27 Mb Free Space | 74.27% Space Free | Partition Type: NTFS
Drive D: | 78.03 Gb Total Space | 75.17 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
Drive E: | 58.61 Gb Total Space | 29.95 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
Drive F: | 15.00 Gb Total Space | 13.65 Gb Free Space | 91.03% Space Free | Partition Type: FAT32
Drive G: | 7.53 Gb Total Space | 6.00 Gb Free Space | 79.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2012/12/23 20:22:47 | 000,199,544 | ---- | M] (Корпорация Майкрософт) [Auto] -- E:\Users\Karl-Heinz\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012/12/12 05:29:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- E:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 06:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto] -- E:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/29 06:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto] -- E:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/04/29 23:52:54 | 003,795,560 | ---- | M] () [Auto] -- E:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/07/24 01:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 01:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System] -- E:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System] -- E:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- E:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 17:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System] -- E:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System] -- E:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/02/09 05:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- E:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/07/09 22:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2007/01/08 06:21:47 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- E:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2007/01/08 06:21:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- E:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Karl-Heinz_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Karl-Heinz_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Karl-Heinz_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Karl-Heinz_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 29 9C 21 AD 4B CC 01 [binary data]
IE - HKU\Karl-Heinz_ON_E\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\Karl-Heinz_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: E:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - E:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - E:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - E:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Karl-Heinz_ON_E\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - E:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\Karl-Heinz_ON_E\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] E:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] E:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPMonitor] E:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [MailCheck IE Broker] E:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [SiteRanker] E:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [WHITNEY_S2P] E:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Karl-Heinz_ON_E\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_E\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_E\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_E\Software\Policies\Microsoft\Internet Explorer\Recovery present
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - E:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/12/16 14:54:16 | 000,000,000 | ---D | C] -- E:\Users\Karl-Heinz\Documents\Internet
[2012/12/05 10:31:57 | 000,000,000 | --SD | C] -- E:\Users\Karl-Heinz\Documents\Eigene Datenquellen
========== Files - Modified Within 30 Days ==========
[2012/12/24 09:02:15 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/12/24 09:01:40 | 095,023,320 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/24 09:00:00 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/24 08:59:49 | 2616,745,984 | -HS- | M] () -- E:\hiberfil.sys
[2012/12/24 03:22:53 | 000,018,816 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 03:22:53 | 000,018,816 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 03:11:00 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/23 22:29:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 20:22:51 | 000,002,959 | ---- | M] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/23 20:22:51 | 000,001,055 | ---- | M] () -- E:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/23 19:58:12 | 000,653,928 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/12/23 19:58:12 | 000,615,810 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/12/23 19:58:12 | 000,129,800 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/12/23 19:58:12 | 000,106,190 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/12/21 11:48:49 | 000,469,704 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/12/03 13:19:10 | 000,002,763 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
[2012/12/03 13:19:10 | 000,002,747 | ---- | M] () -- E:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk
[2012/12/03 13:19:10 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
========== Files Created - No Company Name ==========
[2012/12/23 20:22:51 | 000,002,959 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/23 20:22:51 | 000,001,055 | ---- | C] () -- E:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/23 20:22:48 | 095,023,320 | ---- | C] () -- E:\ProgramData\dsgsdgdsgdsgw.pad
[2012/07/13 06:38:46 | 000,000,376 | ---- | C] () -- E:\Windows\mozregistry.dat
[2012/03/29 04:52:10 | 000,138,608 | ---- | C] () -- E:\Windows\System32\LxDNTvmc100.dll
[2012/03/29 04:52:10 | 000,074,608 | ---- | C] () -- E:\Windows\System32\LxDNTvm100.dll
[2012/03/29 04:52:08 | 000,309,616 | ---- | C] () -- E:\Windows\System32\LxDNT100.dll
[2011/10/16 12:37:20 | 000,010,358 | ---- | C] () -- E:\Users\Karl-Heinz\AppData\Roaming\SmarThruOptions.xml
[2011/10/16 12:37:19 | 000,036,864 | ---- | C] () -- E:\Windows\System32\SvcMan.exe
[2011/10/16 12:37:14 | 000,172,032 | ---- | C] () -- E:\Windows\System32\SecSNMP.dll
[2011/10/16 12:37:13 | 000,094,208 | ---- | C] () -- E:\Windows\System32\SamFaxPort.dll
[2011/10/16 12:37:08 | 000,000,124 | ---- | C] () -- E:\Windows\Readiris.ini
[2011/10/16 12:37:05 | 000,023,040 | ---- | C] () -- E:\Windows\System32\irisco32.dll
[2011/10/16 12:35:09 | 000,479,232 | ---- | C] () -- E:\Windows\ssndii.exe
[2011/10/16 12:33:29 | 000,110,592 | R--- | C] () -- E:\Windows\WiaInst.exe
[2011/10/16 12:33:17 | 000,217,088 | R--- | C] () -- E:\Windows\System32\ssminidriver.dll
[2011/10/16 12:33:17 | 000,027,136 | R--- | C] () -- E:\Windows\System32\ssimgfilter.dll
[2011/10/16 12:33:17 | 000,011,264 | R--- | C] () -- E:\Windows\System32\sssegfilter.dll
[2011/10/16 12:33:17 | 000,010,752 | R--- | C] () -- E:\Windows\System32\sserrhandler.dll
[2011/07/26 20:50:53 | 000,653,928 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2011/07/26 20:50:53 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2011/07/26 20:50:53 | 000,129,800 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2011/07/26 20:50:53 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2011/07/26 14:27:50 | 000,029,163 | ---- | C] () -- E:\Users\Karl-Heinz\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009/11/18 22:01:46 | 000,270,336 | ---- | C] () -- E:\Windows\System32\SaMinDrv.dll
[2009/11/18 22:01:46 | 000,106,496 | ---- | C] () -- E:\Windows\System32\SaImgFlt.dll
[2009/11/18 22:01:46 | 000,090,112 | ---- | C] () -- E:\Windows\System32\SaSegFlt.dll
[2009/11/18 22:01:46 | 000,061,440 | ---- | C] () -- E:\Windows\System32\SaErHdlr.dll
[2009/11/18 22:01:34 | 000,022,723 | ---- | C] () -- E:\Windows\System32\sugw2l3.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,469,704 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2004/01/30 08:07:46 | 000,245,408 | ---- | C] () -- E:\Windows\System32\unicows.dll
========== LOP Check ==========
[2012/10/13 10:59:13 | 000,000,000 | ---D | M] -- E:\ProgramData\1&1 Mail & Media GmbH
[2012/07/01 12:18:00 | 000,000,000 | ---D | M] -- E:\ProgramData\AAV
[2011/07/26 10:59:35 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/05/20 11:51:20 | 000,000,000 | ---D | M] -- E:\ProgramData\AVAST Software
[2012/04/26 14:51:55 | 000,000,000 | ---D | M] -- E:\ProgramData\Buhl Data Service GmbH
[2012/04/19 05:10:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2012/10/13 10:59:14 | 000,000,000 | ---D | M] -- E:\ProgramData\DesktopIcons
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/26 10:59:35 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/10/01 12:11:54 | 000,000,000 | ---D | M] -- E:\ProgramData\elsterformular
[2011/07/26 12:05:36 | 000,000,000 | ---D | M] -- E:\ProgramData\eSellerate
[2011/07/26 10:59:35 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/07/19 08:12:44 | 000,000,000 | ---D | M] -- E:\ProgramData\Lexware
[2011/07/26 12:07:49 | 000,000,000 | ---D | M] -- E:\ProgramData\SmartSound Software Inc
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/07/26 10:59:35 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/02/12 13:33:06 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUp Software
[2011/07/26 12:08:19 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2012/10/13 10:59:00 | 000,000,000 | ---D | M] -- E:\ProgramData\UUdb
[2011/07/26 10:59:35 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/07/19 08:10:35 | 000,000,000 | ---D | M] -- E:\ProgramData\World Money
[2012/02/12 13:32:05 | 000,000,000 | -HSD | M] -- E:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/11/29 09:42:21 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Thank you very much!