Pests of all kinds and how to fight them: Police virus, lock screen, no Safe Mode (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Police virus, lock screen, no Safe Mode

Hello Trojaner-Board! On Monday I apparently caught the police virus. I have Windows Vista. The lock screen cannot be bypassed, and Safe Mode shuts down again immediately. I ran an OTLpe scan and am posting the resulting log here. I would be really grateful for help. Kind regards, LordArcras

Code:
ATTFilter OTL logfile created on: 5/29/2013 10:20:12 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 8.0.6001.19088) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 124.78 Gb Total Space | 37.21 Gb Free Space | 29.82% Space Free | Partition Type: NTFS Drive D: | 24.25 Gb Total Space | 14.57 Gb Free Space | 60.08% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/07/05 00:03:18 | 000,343,024 | ---- | M] () [Auto] -- C:\Program Files\3DataManager\WTGService.exe -- (WTGService) SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
[Auto] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2010/07/30 03:24:16 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2009/09/21 04:48:10 | 000,954,368 | ---- | M] (Wireless) [On_Demand] -- C:\Program Files\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi) SRV - [2009/09/21 04:48:10 | 000,188,416 | ---- | M] (Wireless) [Auto] -- C:\Program Files\TP-LINK\QSS\jswpbapi.exe -- (jswpbapi) SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/01 05:39:28 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007/09/11 10:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007/07/12 11:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006/11/10 02:12:30 | 000,099,936 | ---- | M] () [On_Demand] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand] -- -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand] -- -- (USBCCID) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfusb) DRV - File not found [Kernel | On_Demand] -- -- (TosRfSnd) DRV - File not found [Kernel | On_Demand] -- -- (tosrfnds) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfhid) DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand] -- -- (tosrfbnp) DRV - File not found [Kernel | On_Demand] -- -- (tosrfbd) DRV - File not found [Kernel | On_Demand] -- -- (tosporte) DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (massfilter) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (hwusbdev) DRV - [2013/04/13 07:00:48 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2013/04/13 07:00:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2013/04/13 07:00:47 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2013/04/13 07:00:47 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2013/04/13 07:00:47 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2013/04/13 07:00:47 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2013/04/13 07:00:47 | 000,067,584 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2010/07/27 16:52:10 | 001,434,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2010/01/01 15:54:47 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/09/21 04:48:12 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2009/06/04 04:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/05/11 05:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 05:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007/12/18 06:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/08/22 14:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007/07/31 06:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007/06/26 08:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007/06/01 05:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007/05/25 04:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007/05/25 04:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/11/30 10:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 33 4D 42 C5 04 CC 01 [binary data] IE - HKU\Peter_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 09:27:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKU\Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\TP-LINK\QSS\jswtrayutil.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] File not found O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Peter_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Peter_ON_C..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG) O4 - HKU\Peter_ON_C..\Run: [TorrentEasy_7c0b10668d1c7de649cfb82968c6d6fc03ccf2dd] File not found O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.94.78.17 213.94.78.16 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe 
(Microsoft Corporation) O20 - HKU\Peter_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Peter_ON_C Winlogon: Shell - (C:\Users\Peter\AppData\Roaming\skype.dat) - C:\Users\Peter\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{385beb93-c234-11e2-92fc-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{385beb93-c234-11e2-92fc-0016d3899b94}\Shell\AutoRun\command - "" = F:\StarUSB.exe O33 - MountPoints2\{38986d84-e5eb-11dc-8649-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{38986d84-e5eb-11dc-8649-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{38986e11-e5eb-11dc-8649-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{38986e11-e5eb-11dc-8649-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6853cf71-0fcd-11dd-ae3d-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{6853cf71-0fcd-11dd-ae3d-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{74198010-cba0-11dd-b64e-0016d3899b94}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe O33 - MountPoints2\{74198010-cba0-11dd-b64e-0016d3899b94}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe O33 - MountPoints2\{748fa335-657e-11de-b56f-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{748fa335-657e-11de-b56f-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{748fa33e-657e-11de-b56f-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{748fa33e-657e-11de-b56f-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{7d555f43-a835-11e2-89b9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7d555f43-a835-11e2-89b9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{7eb171ea-9dcb-11e2-818c-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{7eb171ea-9dcb-11e2-818c-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{7eb1729f-9dcb-11e2-818c-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{7eb1729f-9dcb-11e2-818c-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{886e50c3-a42b-11e2-b8f1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{886e50c3-a42b-11e2-b8f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{b2065e7e-b074-11df-b166-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{b2065e7e-b074-11df-b166-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c89092-74c3-11e0-9bf1-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{e8c89092-74c3-11e0-9bf1-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890b3-74c3-11e0-9bf1-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890b3-74c3-11e0-9bf1-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890bb-74c3-11e0-9bf1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890bb-74c3-11e0-9bf1-0016d3899b94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8c890cb-74c3-11e0-9bf1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{e8c890cb-74c3-11e0-9bf1-0016d3899b94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ebdde03a-8798-11e0-87eb-0015af7a9c4a}\Shell - "" = AutoRun O33 - MountPoints2\{ebdde03a-8798-11e0-87eb-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ec45ea2e-5e1e-11e1-9cc9-0015af7a9c4a}\Shell - "" = AutoRun O33 - 
MountPoints2\{ec45ea2e-5e1e-11e1-9cc9-0015af7a9c4a}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{f861d2db-3087-11e1-9dc1-0016d3899b94}\Shell - "" = AutoRun O33 - MountPoints2\{f861d2db-3087-11e1-9dc1-0016d3899b94}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/05/29 04:44:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/04/29 13:43:32 | 000,000,000 | ---D | C] -- C:\Direkt Foto System 5 [2007/12/18 10:02:20 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007/12/18 10:02:20 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2013/05/29 02:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/29 02:28:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/05/29 02:28:08 | 000,000,004 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\skype.ini [2013/05/29 02:28:00 | 000,055,117 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\nvModes.001 [2013/05/29 02:27:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/29 02:27:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/29 02:27:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/29 02:27:22 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2013/05/28 09:31:00 | 000,000,680 | ---- | M] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat [2013/05/28 09:30:21 | 
000,001,791 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk [2013/05/28 09:27:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F10355E0-D7BB-4CB9-B945-CD84D48D1311}.job [2013/05/27 13:20:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/27 13:20:11 | 000,349,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/27 13:20:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/27 13:20:11 | 000,047,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/27 13:01:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/05/27 12:43:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/04/29 13:45:12 | 000,001,460 | ---- | M] () -- C:\Users\Public\Desktop\Direkt Foto System 5.lnk ========== Files Created - No Company Name ========== [2013/05/29 02:27:22 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2013/05/27 11:36:27 | 000,000,004 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\skype.ini [2013/04/29 13:45:12 | 000,001,460 | ---- | C] () -- C:\Users\Public\Desktop\Direkt Foto System 5.lnk [2012/03/19 15:47:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/02/23 09:27:18 | 000,000,680 | ---- | C] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat [2011/05/14 03:50:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/05/14 03:50:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/05/13 14:15:24 | 000,060,928 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\skype.dat [2011/05/11 14:45:55 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011/05/11 14:45:33 | 000,020,480 | ---- | C] () -- 
C:\Windows\System32\RAEXTUI.dll [2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2010/05/09 13:00:21 | 000,004,096 | -H-- | C] () -- C:\Users\Peter\AppData\Local\keyfile3.drm [2008/11/15 11:03:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008/10/30 16:27:24 | 000,014,336 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/30 16:02:28 | 000,000,161 | ---- | C] () -- C:\Users\Peter\AppData\default.pls [2008/05/31 11:32:22 | 000,000,034 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Default.PLS [2008/03/08 11:50:06 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008/02/28 13:08:29 | 000,055,117 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.001 [2008/02/28 10:42:26 | 000,055,117 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.dat [2008/02/28 08:18:00 | 000,000,394 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\wklnhst.dat [2007/12/18 10:54:32 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007/12/18 10:02:20 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/12/18 10:02:20 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/12/18 10:02:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2007/12/18 10:02:20 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2007/12/17 23:55:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/12/09 13:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2007/12/09 13:18:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007/12/09 13:18:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007/12/05 10:30:06 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007/12/05 07:37:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007/10/18 13:04:09 | 000,515,328 
| ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys [2007/10/18 13:04:09 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys [2007/10/18 13:03:14 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/11/02 11:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 11:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,476,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,349,978 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,047,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2013/05/27 11:42:17 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\3DataManager [2011/05/03 15:38:58 | 
000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Babylon [2011/01/19 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon [2012/12/12 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DirektFotoSystem3 [2011/05/13 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mquadr.at [2008/03/08 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ScanSoft [2008/02/28 08:18:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Template [2013/04/16 12:39:55 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2008/02/28 08:02:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2013/05/29 02:28:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2008/03/08 11:45:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2011/01/26 07:12:34 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/02/28 08:02:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008/02/28 08:02:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/08/23 15:18:45 | 000,000,000 | ---D | M] -- C:\ProgramData\HappyFoto-Designer [2011/05/13 13:53:05 | 000,000,000 | ---D | M] -- C:\ProgramData\m2backup [2007/12/09 13:20:53 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2012/02/23 09:16:57 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at [2011/05/11 14:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Ralink [2008/03/08 11:49:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/02/28 08:02:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 
09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/05/11 14:15:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TP-LINK [2011/05/11 14:45:54 | 000,000,000 | ---D | M] -- C:\ProgramData\TP-LINK Driver [2007/12/09 13:13:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2008/02/28 08:02:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2007/12/05 10:31:54 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings [2012/02/23 09:14:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\{0594BEF1-12CE-4053-A10C-630DD69A5F94} [2011/05/02 10:14:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\{092C512F-9ECA-47B0-BF89-F0FF91DB1676} [2011/05/13 13:51:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{0B1855D9-8D06-4BE1-B93C-7EFA1D0C3E32} [2011/05/11 14:11:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\{29558F44-C67B-4F2C-99E0-F1CE2AE1F960} [2011/05/11 14:11:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\{392ECEAB-FD15-485B-8C44-C2C591EDECB5} [2012/02/23 09:25:49 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007/12/09 13:42:37 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2011/05/13 13:52:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DE1CDDDC-29FB-4BCF-94A4-B8339595BAB7} [2013/05/29 02:28:43 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013/05/28 09:27:05 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F10355E0-D7BB-4CB9-B945-CD84D48D1311}.job ========== Purity Check ========== < End of report > |