Log analysis and evaluation: Bundespolizei lock screen - safe mode not possible! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Bundespolizei lock screen - safe mode not possible!

Hello everyone, my system is Win7 64bit Home. Unfortunately I cannot work through the checklist, because I cannot get access to my PC. The lock screen appears immediately after startup. I am writing this message from my netbook - unfortunately it has no CD drive. However, I still have an OTL-PE boot CD lying around, so I booted it and ran OTL - maybe that is of some use.

OTL logfile created on: 12/29/2013 2:16:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.97 Mb Total Space | 73.96 Mb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 282.51 Gb Free Space | 69.71% Space Free | Partition Type: NTFS
Drive I: | 148.95 Gb Total Space | 85.16 Gb Free Space | 57.18% Space Free | Partition Type: NTFS
Drive J: | 60.38 Gb Total Space | 21.05 Gb Free Space | 34.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft 
Corporation) [On_Demand] -- I:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) [Auto] -- I:\ProgramData\odbmqjwmqg.zvv -- (Winmgmt) SRV - [2013/12/20 14:29:08 | 000,166,352 | ---- | M] (APN LLC.) [Auto] -- I:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013/12/17 09:09:09 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/12/17 09:08:22 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/11/25 12:58:31 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/09/11 15:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/23 02:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- I:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/08 17:13:18 | 050,921,648 | ---- | M] (Microsoft Corporation) 
[On_Demand] -- I:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/10/10 15:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/05/21 08:55:00 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto] -- I:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/28 20:21:52 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- I:\Windows\SysWOW64\ACFXAU64.dll -- (AcfXAudioService) SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- I:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/12/17 09:09:20 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/11/25 13:00:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/08/28 20:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\usbser.sys -- (usbser) DRV:64bit: - [2013/04/04 08:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/06/09 10:38:52 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- I:\Windows\System32\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2012/06/09 10:38:50 | 000,633,296 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2012/06/09 10:38:50 | 000,389,968 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2011/05/25 02:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/01/26 15:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/30 04:09:50 | 000,653,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2010/03/25 10:52:26 | 000,154,880 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand] -- I:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009/09/01 22:26:18 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFVA64.sys -- (acfva) DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- I:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/04/28 20:21:44 | 000,034,944 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFDCP64.sys -- (dgcfltr) DRV:64bit: - [2009/04/28 20:21:36 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto] -- I:\Windows\System32\drivers\ACFXAU64.sys -- (XAudio) DRV:64bit: - [2007/05/06 20:00:00 | 000,081,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) DRV:64bit: - [2007/03/15 01:08:46 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto] -- I:\Windows\System32\drivers\ACFSDK64.sys -- (mdmxsdk) DRV - [2011/09/08 10:50:50 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot] -- I:\Windows\SysWOW64\drivers\PzWDM.sys -- (PzWDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.comhxxp://www.tecstore.net [binary data] IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/ IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 0B B6 DB F7 6B CC 01 [binary data] IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\*****_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: I:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
[2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions [2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org [2013/10/31 12:09:09 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- I:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [BCSSync] I:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ApnTBMon] I:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] I:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [FreePDF Assistant] I:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MBBalloon] I:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.) O4 - HKU\*****_ON_I..\Run: [AmazonMP3DownloaderHelper] I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () O4 - HKU\*****_ON_I..\Run: [NetworkIndicator] I:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe (ITSamples.com) O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin] File not found O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK () O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk () O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files (x86)\Frontpage2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - *****_ON_I\..Trusted Domains: bnhof.de ([www] https in Trusted sites) O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/12/10 12:49:36 | 000,000,000 | ---D | M] - D:\Auto privat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/12/26 11:04:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\System32\drivers\mbam.sys [2013/12/26 11:04:41 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/12/26 05:35:05 | 000,061,024 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv [2013/12/26 05:34:58 | 000,227,840 | ---- | C] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss [2013/12/20 16:45:08 | 000,000,000 | -HSD | C] -- I:\Config.Msi [2013/12/16 10:39:20 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/12/12 12:02:35 | 012,625,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wmploc.DLL [2013/12/12 12:02:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmploc.DLL [2013/12/12 12:02:35 | 011,410,432 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmp.dll [2013/12/12 12:02:34 | 014,631,424 | ---- | C] (Microsoft Corporation) -- 
I:\Windows\System32\wmp.dll [2013/12/12 12:01:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll [2013/12/12 12:01:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll [2013/12/12 12:01:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollectorres.dll [2013/12/12 12:01:02 | 000,708,608 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9diag.dll [2013/12/12 12:01:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9diag.dll [2013/12/12 12:01:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ie4uinit.exe [2013/12/12 12:01:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe [2013/12/12 12:01:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollector.exe [2013/12/12 12:01:02 | 000,066,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll [2013/12/12 12:01:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwproxystub.dll [2013/12/12 12:01:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll [2013/12/12 12:01:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dll [2013/12/12 12:01:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieapfltr.dll [2013/12/12 12:01:00 | 001,995,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl [2013/12/12 12:01:00 | 001,928,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl [2013/12/12 12:00:58 | 005,769,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll [2013/12/12 12:00:58 | 004,243,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll [2013/12/12 11:51:58 | 000,465,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WMPhoto.dll [2013/12/12 11:51:58 | 
000,417,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\WMPhoto.dll
[2013/12/12 11:51:38 | 000,335,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msieftp.dll
[2013/12/12 11:51:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msieftp.dll
[2013/12/12 11:51:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\scrrun.dll
[2013/12/12 11:51:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:51:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cscript.exe
[2013/12/12 11:51:37 | 000,150,016 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wshom.ocx
[2013/12/12 11:51:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\cscript.exe
[2013/12/12 11:51:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:51:36 | 000,230,400 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\portcls.sys
[2013/12/12 11:51:36 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\imagehlp.dll
[2013/12/12 11:51:36 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\drmk.sys
[2013/12/12 11:51:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\imagehlp.dll
[2013/12/08 03:50:17 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\Adobe
[2007/08/13 10:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- I:\Users\*****\AppData\Local\CDRip.dll
[2007/01/18 14:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- I:\Users\*****\AppData\Local\No23 Recorder.exe
[2006/12/11 12:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\basscd.dll
[2006/12/11 12:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013/12/29 03:36:21 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/12/29 03:35:05 | 3213,467,648 | -HS- | M] () -- I:\hiberfil.sys
[2013/12/29 02:33:37 | 095,025,368 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/29 02:33:31 | 000,000,000 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/29 02:32:59 | 000,001,116 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:36:00 | 000,001,120 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 12:39:47 | 000,000,297 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 12:32:45 | 000,702,980 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2013/12/26 12:32:45 | 000,657,212 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/12/26 12:32:45 | 000,150,620 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2013/12/26 12:32:45 | 000,123,024 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/12/26 10:54:56 | 001,928,716 | ---- | M] (Farbar) -- I:\Users\*****\Desktop\FRST64.exe
[2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv
[2013/12/26 05:35:01 | 000,001,039 | ---- | M] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:34:58 | 000,227,840 | ---- | M] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss
[2013/12/24 05:03:06 | 000,278,621 | ---- | M] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/23 12:41:14 | 000,000,534 | ---- | M] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avgntflt.sys
[2013/12/17 09:09:20 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avnetflt.sys
[2013/12/16 10:39:20 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/15 03:53:06 | 000,000,579 | ---- | M] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/12 12:33:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/12 12:33:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/12 12:29:36 | 000,419,528 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/12/10 12:09:22 | 000,000,432 | ---- | M] () -- I:\Windows\BRWMARK.INI
[2013/12/08 03:50:26 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/06 14:03:52 | 000,014,305 | ---- | M] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/12/03 13:36:18 | 001,602,788 | ---- | M] () -- I:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/12/26 05:35:53 | 000,000,297 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 05:35:01 | 000,001,039 | ---- | C] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:35:01 | 000,000,000 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/26 05:34:58 | 095,025,368 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/24 05:04:50 | 000,278,621 | ---- | C] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/22 06:23:06 | 000,120,416 | ---- | C] () -- I:\Users\*****\Documents\eBay Kaufbestätigung.pdf
[2013/12/08 03:50:26 | 000,002,441 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/08 03:29:43 | 000,000,579 | ---- | C] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/06 14:03:51 | 000,014,305 | ---- | C] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/11/28 11:26:19 | 001,602,788 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/30 06:16:31 | 000,000,534 | ---- | C] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2012/12/08 09:29:58 | 000,000,001 | ---- | C] () -- I:\Users\*****\AppData\Local\llftool.4.12.agreement
[2012/05/19 01:26:18 | 000,002,213 | ---- | C] () -- I:\Windows\HCWPNP.INI
[2012/02/29 17:19:30 | 000,000,209 | ---- | C] () -- I:\Windows\ODBCINST.INI
[2012/02/29 17:18:51 | 000,037,639 | ---- | C] () -- I:\Windows\Irremote.ini
[2012/02/29 17:18:28 | 000,142,337 | ---- | C] () -- I:\Windows\SysWow64\Wait.exe
[2011/10/07 08:43:28 | 000,001,475 | ---- | C] () -- I:\Users\*****\AppData\Local\RecConfig.xml
[2011/10/07 08:42:00 | 000,003,584 | ---- | C] () -- I:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 10:50:47 | 000,091,923 | ---- | C] () -- I:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/08 10:50:47 | 000,076,956 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/08 10:50:47 | 000,039,121 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/08 10:50:47 | 000,027,965 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_JP.dat
[2011/09/06 14:19:26 | 000,000,507 | ---- | C] () -- I:\Windows\ODBC.INI
[2011/09/06 09:20:52 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2011/09/06 08:16:30 | 000,000,017 | ---- | C] () -- I:\Users\*****\AppData\Local\resmon.resmoncfg
[2011/09/05 17:34:50 | 000,303,104 | ---- | C] () -- I:\Windows\Uninstall_tkexe.exe
[2011/09/05 15:44:16 | 000,000,432 | ---- | C] () -- I:\Windows\BRWMARK.INI
[2011/09/05 15:44:16 | 000,000,034 | ---- | C] () -- I:\Windows\SysWow64\BD7025.DAT
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- I:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2007/08/13 10:46:00 | 000,155,136 | ---- | C] () -- I:\Users\*****\AppData\Local\lame_enc.dll
[2006/10/25 18:06:48 | 000,064,000 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisenc.dll
[2006/10/25 18:06:48 | 000,019,456 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisfile.dll
[2006/10/25 18:06:46 | 000,143,872 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbis.dll
[2006/10/25 18:06:36 | 000,015,872 | ---- | C] () -- I:\Users\*****\AppData\Local\ogg.dll
[2005/08/23 15:34:06 | 000,029,184 | ---- | C] () -- I:\Users\*****\AppData\Local\no23xwrapper.dll
[2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- I:\Windows\SysWow64\Jpeg32.dll

========== LOP Check ==========

[2013/05/12 05:33:42 | 000,000,000 | ---D | M] -- I:\ProgramData\AAV
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2013/09/26 09:37:38 | 000,000,000 | ---D | M] -- I:\ProgramData\APN
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2013/09/26 09:37:58 | 000,000,000 | ---D | M] -- I:\ProgramData\AskPartnerNetwork
[2012/10/23 17:13:53 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2012/12/08 11:04:40 | 000,000,000 | ---D | M] -- I:\ProgramData\copypart
[2012/12/08 11:00:08 | 000,000,000 | ---D | M] -- I:\ProgramData\createpart
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2012/02/19 04:53:45 | 000,000,000 | ---D | M] -- I:\ProgramData\eBay
[2012/12/08 10:48:18 | 000,000,000 | ---D | M] -- I:\ProgramData\explauncher
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2013/12/22 06:23:08 | 000,000,000 | ---D | M] -- I:\ProgramData\FreePDF
[2011/09/05 13:15:16 | 000,000,000 | ---D | M] -- I:\ProgramData\G DATA
[2012/02/29 17:20:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Hauppauge
[2011/09/05 16:34:03 | 000,000,000 | ---D | M] -- I:\ProgramData\ISDNWatch
[2012/12/08 10:59:29 | 000,000,000 | ---D | M] -- I:\ProgramData\launcher
[2012/01/28 13:04:45 | 000,000,000 | ---D | M] -- I:\ProgramData\NCH Swift Sound
[2012/03/22 10:08:10 | 000,000,000 | ---D | M] -- I:\ProgramData\Nitro PDF
[2013/01/15 10:27:02 | 000,000,000 | ---D | M] -- I:\ProgramData\Spamihilator
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/09/11 09:27:00 | 000,000,000 | ---D | M] -- I:\ProgramData\T-Online
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2013/09/29 11:37:31 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/29 02:33:25 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2013/11/11 12:55:45 | 103,792,856 | ---- | M] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά
[2013/11/11 12:55:45 | 103,792,856 | ---- | C] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά

< End of report >

Regards,
FUXS