Pests of all kinds and how to fight them: Police virus, lock screen, no safe mode |
29.05.2013, 08:39 | #1 |
| Police virus, lock screen, no safe mode Hello Trojaner-Board! On Monday I apparently caught the police virus. I have Windows Vista. The lock screen cannot be bypassed, and Safe Mode shuts down again immediately. I ran an OTLpe scan and am posting the resulting log here. I would be really grateful for any help. Regards, LordArcras Code:
ATTFilter OTL logfile created on: 5/29/2013 10:20:12 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 8.0.6001.19088) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 124.78 Gb Total Space | 37.21 Gb Free Space | 29.82% Space Free | Partition Type: NTFS Drive D: | 24.25 Gb Total Space | 14.57 Gb Free Space | 60.08% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/07/05 00:03:18 | 000,343,024 | ---- | M] () [Auto] -- C:\Program Files\3DataManager\WTGService.exe -- (WTGService) SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
[Auto] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2010/07/30 03:24:16 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2009/09/21 04:48:10 | 000,954,368 | ---- | M] (Wireless) [On_Demand] -- C:\Program Files\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi) SRV - [2009/09/21 04:48:10 | 000,188,416 | ---- | M] (Wireless) [Auto] -- C:\Program Files\TP-LINK\QSS\jswpbapi.exe -- (jswpbapi) SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/01 05:39:28 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007/09/11 10:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007/07/12 11:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006/11/10 02:12:30 | 000,099,936 | ---- | M] () [On_Demand] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand] -- -- (USBCCID) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfusb) DRV - File not found [Kernel | On_Demand] -- -- (TosRfSnd) DRV - File not found [Kernel | On_Demand] -- -- (tosrfnds) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfhid) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand] -- -- (tosrfbnp) DRV - File not found [Kernel | On_Demand] -- -- (tosrfbd) DRV - File not found [Kernel | On_Demand] -- -- (tosporte) DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (massfilter) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (hwusbdev) DRV - [2013/04/13 07:00:48 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2013/04/13 07:00:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2013/04/13 07:00:47 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2013/04/13 07:00:47 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2013/04/13 07:00:47 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2013/04/13 07:00:47 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2013/04/13 07:00:47 | 000,067,584 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2010/07/27 16:52:10 | 001,434,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2010/01/01 15:54:47 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/09/21 04:48:12 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2009/06/04 04:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/05/11 05:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 05:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007/12/18 06:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/08/22 14:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007/07/31 06:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007/06/26 08:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007/06/01 05:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007/05/25 04:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007/05/25 04:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/11/30 10:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 33 4D 42 C5 04 CC 01 [binary data] IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 09:27:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKU\Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\TP-LINK\QSS\jswtrayutil.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] File not found O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Peter_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Peter_ON_C..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG) O4 - HKU\Peter_ON_C..\Run: [TorrentEasy_7c0b10668d1c7de649cfb82968c6d6fc03ccf2dd] File not found O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.94.78.17 213.94.78.16 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe 
(Microsoft Corporation) O20 - HKU\Peter_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Peter_ON_C Winlogon: Shell - (C:\Users\Peter\AppData\Roaming\skype.dat) - C:\Users\Peter\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{385beb93-c234-11e2-92fc-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{385beb93-c234-11e2-92fc-0016d3899b94}\Shell\AutoRun\command - "" = F:\StarUSB.exe O33 - MountPoints2\{38986d84-e5eb-11dc-8649-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{38986d84-e5eb-11dc-8649-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{38986e11-e5eb-11dc-8649-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{38986e11-e5eb-11dc-8649-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6853cf71-0fcd-11dd-ae3d-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{6853cf71-0fcd-11dd-ae3d-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{74198010-cba0-11dd-b64e-0016d3899b94}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe O33 - MountPoints2\{74198010-cba0-11dd-b64e-0016d3899b94}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe O33 - MountPoints2\{748fa335-657e-11de-b56f-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{748fa335-657e-11de-b56f-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{748fa33e-657e-11de-b56f-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{748fa33e-657e-11de-b56f-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{7d555f43-a835-11e2-89b9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7d555f43-a835-11e2-89b9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{7eb171ea-9dcb-11e2-818c-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{7eb171ea-9dcb-11e2-818c-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{7eb1729f-9dcb-11e2-818c-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{7eb1729f-9dcb-11e2-818c-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{886e50c3-a42b-11e2-b8f1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{886e50c3-a42b-11e2-b8f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{b2065e7e-b074-11df-b166-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{b2065e7e-b074-11df-b166-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c89092-74c3-11e0-9bf1-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{e8c89092-74c3-11e0-9bf1-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890b3-74c3-11e0-9bf1-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890b3-74c3-11e0-9bf1-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890bb-74c3-11e0-9bf1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890bb-74c3-11e0-9bf1-0016d3899b94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890cb-74c3-11e0-9bf1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890cb-74c3-11e0-9bf1-0016d3899b94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ebdde03a-8798-11e0-87eb-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{ebdde03a-8798-11e0-87eb-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ec45ea2e-5e1e-11e1-9cc9-0015af7a9c4a}\Shell - "" = AutoRun O33 - 
MountPoints2\{ec45ea2e-5e1e-11e1-9cc9-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{f861d2db-3087-11e1-9dc1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{f861d2db-3087-11e1-9dc1-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/05/29 04:44:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/04/29 13:43:32 | 000,000,000 | ---D | C] -- C:\Direkt Foto System 5 [2007/12/18 10:02:20 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007/12/18 10:02:20 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2013/05/29 02:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/29 02:28:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/05/29 02:28:08 | 000,000,004 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\skype.ini [2013/05/29 02:28:00 | 000,055,117 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\nvModes.001 [2013/05/29 02:27:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/29 02:27:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/29 02:27:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/29 02:27:22 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2013/05/28 09:31:00 | 000,000,680 | ---- | M] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat [2013/05/28 09:30:21 | 
000,001,791 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk [2013/05/28 09:27:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F10355E0-D7BB-4CB9-B945-CD84D48D1311}.job [2013/05/27 13:20:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/27 13:20:11 | 000,349,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/27 13:20:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/27 13:20:11 | 000,047,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/27 13:01:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/05/27 12:43:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/04/29 13:45:12 | 000,001,460 | ---- | M] () -- C:\Users\Public\Desktop\Direkt Foto System 5.lnk ========== Files Created - No Company Name ========== [2013/05/29 02:27:22 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2013/05/27 11:36:27 | 000,000,004 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\skype.ini [2013/04/29 13:45:12 | 000,001,460 | ---- | C] () -- C:\Users\Public\Desktop\Direkt Foto System 5.lnk [2012/03/19 15:47:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/02/23 09:27:18 | 000,000,680 | ---- | C] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat [2011/05/14 03:50:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/05/14 03:50:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/05/13 14:15:24 | 000,060,928 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\skype.dat [2011/05/11 14:45:55 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011/05/11 14:45:33 | 000,020,480 | ---- | C] () -- 
C:\Windows\System32\RAEXTUI.dll [2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2010/05/09 13:00:21 | 000,004,096 | -H-- | C] () -- C:\Users\Peter\AppData\Local\keyfile3.drm [2008/11/15 11:03:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008/10/30 16:27:24 | 000,014,336 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/30 16:02:28 | 000,000,161 | ---- | C] () -- C:\Users\Peter\AppData\default.pls [2008/05/31 11:32:22 | 000,000,034 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Default.PLS [2008/03/08 11:50:06 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008/02/28 13:08:29 | 000,055,117 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.001 [2008/02/28 10:42:26 | 000,055,117 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.dat [2008/02/28 08:18:00 | 000,000,394 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\wklnhst.dat [2007/12/18 10:54:32 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007/12/18 10:02:20 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/12/18 10:02:20 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/12/18 10:02:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2007/12/18 10:02:20 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2007/12/17 23:55:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/12/09 13:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2007/12/09 13:18:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007/12/09 13:18:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007/12/05 10:30:06 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007/12/05 07:37:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007/10/18 13:04:09 | 000,515,328 
29.05.2013, 09:15 | #2 |
/// the machine /// TB Trainer | Hi,
Run this fix in OTLPE!
Fixing with OTL
Code:
:OTL
O20 - HKU\Peter_ON_C Winlogon: Shell - (C:\Users\Peter\AppData\Roaming\skype.dat) - C:\Users\Peter\AppData\Roaming\skype.dat ()
[2013/05/29 02:28:08 | 000,000,004 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\skype.ini
[2013/05/29 02:28:00 | 000,055,117 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\nvModes.001
29.05.2013, 09:34 | #3 |
Thanks for the quick reply!
Here is the log file:
Code:
========== OTL ==========
Registry value HKEY_USERS\Peter_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Peter\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Peter\AppData\Roaming\skype.dat moved successfully.
C:\Users\Peter\AppData\Roaming\skype.ini moved successfully.
C:\Users\Peter\AppData\Roaming\nvModes.001 moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 05292013_123220
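The fix and log above remove a Winlogon Shell value, set in the user's hive, that pointed at a file in AppData. As an added example (not part of the original posts and not OTL's own code), this Python function parses OTL `O20` lines and flags Shell entries of that kind; the function name and the benign HKLM sample line are assumptions constructed for illustration.

```python
import ntpath
import re

# OTL "O20" line layout as seen in the fix above:
# O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.*?) \((?P<company>[^()]*)\)\s*$"
)

# First line is taken from the thread; the HKLM line is constructed as a
# benign comparison; the last line is a file entry that must be ignored.
SAMPLE_LOG = r"""
O20 - HKU\Peter_ON_C Winlogon: Shell - (C:\Users\Peter\AppData\Roaming\skype.dat) - C:\Users\Peter\AppData\Roaming\skype.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
[2013/05/29 02:28:08 | 000,000,004 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\skype.ini
"""


def suspicious_shell_entries(log_text):
    """Return (hive, path, reasons) for each Winlogon Shell entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m or m["value"].lower() != "shell":
            continue  # not an O20 line, or a different Winlogon value
        path = m["path"].lower()
        reasons = []
        if ntpath.basename(path) != "explorer.exe":
            reasons.append("shell target is not explorer.exe")
        if m["hive"].upper().startswith("HKU"):
            reasons.append("Shell value set in a user hive")
        if "\\appdata\\" in path or "\\programdata\\" in path:
            reasons.append("target lies in a user-writable directory")
        if not m["company"].strip():
            reasons.append("file carries no company name")
        if reasons:
            findings.append((m["hive"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for hive, path, reasons in suspicious_shell_entries(SAMPLE_LOG):
        print(f"{hive}: {path}")
        for reason in reasons:
            print(f"  - {reason}")
```
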
29.05.2013, 11:07 | #4 |
/// the machine /// TB Trainer | Boot the computer normally and happily report that it works
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
29.05.2013, 11:14 | #5 |
I'm happy to report that it worked. Thank you very, very much!!!
29.05.2013, 11:26 | #6 |
/// the machine /// TB Trainer | But we're not finished yet.
System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If you're not sure: Start > Computer (right-click) > Properties)
29.05.2013, 14:02 | #7 |
Oops, I thought that was it. I could get into Windows just fine and ran a "normal" virus scan with Antimalware. After it found nothing there, I backed up all my programs and data and reinstalled everything from scratch. I think that settles it. Or should I check the backed-up data separately once more?
Best regards, LordArcras
29.05.2013, 14:49 | #8 |
/// the machine /// TB Trainer | Nope, that's fine. But why do I remove the malware if you reinstall?
29.05.2013, 15:33 | #9 |
As I said, access to my programs for the backups.
29.05.2013, 19:06 | #10 |
/// the machine /// TB Trainer | I see. That was unnecessary, though.