
Log analysis and evaluation: Bundespolizei lock screen - safe mode not possible!


 
29.12.2013, 15:09   #1
FUXS
 



Hello everyone,

my system: Win7 64-bit Home.

Unfortunately I can't work through the checklist, because I can't get access to my PC. The lock screen appears immediately after startup.

I'm writing this message from my netbook, which unfortunately has no CD drive.
However, I still had an OTL-PE boot CD lying around, so I booted from it and ran OTL; maybe that's of some use.

OTL logfile created on: 12/29/2013 2:16:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.97 Mb Total Space | 73.96 Mb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 282.51 Gb Free Space | 69.71% Space Free | Partition Type: NTFS
Drive I: | 148.95 Gb Total Space | 85.16 Gb Free Space | 57.18% Space Free | Partition Type: NTFS
Drive J: | 60.38 Gb Total Space | 21.05 Gb Free Space | 34.86% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) [Auto] -- I:\ProgramData\odbmqjwmqg.zvv -- (Winmgmt)
SRV - [2013/12/20 14:29:08 | 000,166,352 | ---- | M] (APN LLC.) [Auto] -- I:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/12/17 09:09:09 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/17 09:08:22 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/11/25 12:58:31 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/11 15:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 02:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- I:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/08 17:13:18 | 050,921,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/10/10 15:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/21 08:55:00 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto] -- I:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 20:21:52 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- I:\Windows\SysWOW64\ACFXAU64.dll -- (AcfXAudioService)
SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- I:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 09:09:20 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/25 13:00:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/08/28 20:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/04/04 08:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/09 10:38:52 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- I:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012/06/09 10:38:50 | 000,633,296 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012/06/09 10:38:50 | 000,389,968 | ---- | M] (Paragon) [Kernel | System] -- I:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/05/25 02:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/26 15:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/30 04:09:50 | 000,653,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/03/25 10:52:26 | 000,154,880 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/09/01 22:26:18 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFVA64.sys -- (acfva)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- I:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/28 20:21:44 | 000,034,944 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ACFDCP64.sys -- (dgcfltr)
DRV:64bit: - [2009/04/28 20:21:36 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- I:\Windows\System32\drivers\ACFXAU64.sys -- (XAudio)
DRV:64bit: - [2007/05/06 20:00:00 | 000,081,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2007/03/15 01:08:46 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto] -- I:\Windows\System32\drivers\ACFSDK64.sys -- (mdmxsdk)
DRV - [2011/09/08 10:50:50 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot] -- I:\Windows\SysWOW64\drivers\PzWDM.sys -- (PzWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.comhxxp://www.tecstore.net [binary data]
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 0B B6 DB F7 6B CC 01 [binary data]
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\*****_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





========== FireFox ==========

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: I:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: I:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)


[2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2012/11/04 05:41:38 | 000,000,000 | ---D | M] (No name found) -- I:\Users\*****\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2013/10/31 12:09:09 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- I:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - I:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BCSSync] I:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] I:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] I:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] I:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MBBalloon] I:\Program Files (x86)\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)
O4 - HKU\*****_ON_I..\Run: [AmazonMP3DownloaderHelper] I:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\*****_ON_I..\Run: [NetworkIndicator] I:\Program Files (x86)\network-activity-indicator1.5\NetworkIndicator.exe (ITSamples.com)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ()
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk ()
O4 - Startup: I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - I:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files (x86)\Frontpage2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - I:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - *****_ON_I\..Trusted Domains: bnhof.de ([www] https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/10 12:49:36 | 000,000,000 | ---D | M] - D:\Auto privat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{011a46d3-d7d5-11e0-8fa1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 11:04:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- I:\Windows\System32\drivers\mbam.sys
[2013/12/26 11:04:41 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/26 05:35:05 | 000,061,024 | ---- | C] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv
[2013/12/26 05:34:58 | 000,227,840 | ---- | C] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss
[2013/12/20 16:45:08 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2013/12/16 10:39:20 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 12:02:35 | 012,625,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wmploc.DLL
[2013/12/12 12:02:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmploc.DLL
[2013/12/12 12:02:35 | 011,410,432 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wmp.dll
[2013/12/12 12:02:34 | 014,631,424 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wmp.dll
[2013/12/12 12:01:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2013/12/12 12:01:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2013/12/12 12:01:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 12:01:02 | 000,708,608 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9diag.dll
[2013/12/12 12:01:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 12:01:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ie4uinit.exe
[2013/12/12 12:01:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2013/12/12 12:01:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwcollector.exe
[2013/12/12 12:01:02 | 000,066,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll
[2013/12/12 12:01:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieetwproxystub.dll
[2013/12/12 12:01:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll
[2013/12/12 12:01:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieapfltr.dll
[2013/12/12 12:01:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 12:01:00 | 001,995,264 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2013/12/12 12:01:00 | 001,928,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 12:00:58 | 005,769,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2013/12/12 12:00:58 | 004,243,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2013/12/12 11:51:58 | 000,465,920 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WMPhoto.dll
[2013/12/12 11:51:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\WMPhoto.dll
[2013/12/12 11:51:38 | 000,335,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msieftp.dll
[2013/12/12 11:51:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msieftp.dll
[2013/12/12 11:51:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\scrrun.dll
[2013/12/12 11:51:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\scrrun.dll
[2013/12/12 11:51:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cscript.exe
[2013/12/12 11:51:37 | 000,150,016 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wshom.ocx
[2013/12/12 11:51:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\cscript.exe
[2013/12/12 11:51:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wshom.ocx
[2013/12/12 11:51:36 | 000,230,400 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\portcls.sys
[2013/12/12 11:51:36 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\imagehlp.dll
[2013/12/12 11:51:36 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\drmk.sys
[2013/12/12 11:51:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\imagehlp.dll
[2013/12/08 03:50:17 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\Adobe
[2007/08/13 10:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- I:\Users\*****\AppData\Local\CDRip.dll
[2007/01/18 14:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- I:\Users\*****\AppData\Local\No23 Recorder.exe
[2006/12/11 12:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\basscd.dll
[2006/12/11 12:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- I:\Users\*****\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013/12/29 03:36:21 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/12/29 03:35:05 | 3213,467,648 | -HS- | M] () -- I:\hiberfil.sys
[2013/12/29 02:33:37 | 095,025,368 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/29 02:33:31 | 000,000,000 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/29 02:32:59 | 000,001,116 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:40:48 | 000,021,184 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 07:36:00 | 000,001,120 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 12:39:47 | 000,000,297 | ---- | M] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 12:32:45 | 000,702,980 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2013/12/26 12:32:45 | 000,657,212 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/12/26 12:32:45 | 000,150,620 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2013/12/26 12:32:45 | 000,123,024 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/12/26 10:54:56 | 001,928,716 | ---- | M] (Farbar) -- I:\Users\*****\Desktop\FRST64.exe
[2013/12/26 05:35:05 | 000,061,024 | ---- | M] (Microsoft Corporation) -- I:\ProgramData\odbmqjwmqg.zvv
[2013/12/26 05:35:01 | 000,001,039 | ---- | M] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:34:58 | 000,227,840 | ---- | M] (hxxp://tortoisesvn.net) -- I:\ProgramData\gqmwjqmbdo.jss
[2013/12/24 05:03:06 | 000,278,621 | ---- | M] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/23 12:41:14 | 000,000,534 | ---- | M] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2013/12/17 09:09:20 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avgntflt.sys
[2013/12/17 09:09:20 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Windows\System32\drivers\avnetflt.sys
[2013/12/16 10:39:20 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/15 03:53:06 | 000,000,579 | ---- | M] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/12 12:33:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/12 12:33:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/12 12:29:36 | 000,419,528 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/12/10 12:09:22 | 000,000,432 | ---- | M] () -- I:\Windows\BRWMARK.INI
[2013/12/08 03:50:26 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/06 14:03:52 | 000,014,305 | ---- | M] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/12/03 13:36:18 | 001,602,788 | ---- | M] () -- I:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/12/26 05:35:53 | 000,000,297 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.reg
[2013/12/26 05:35:01 | 000,001,039 | ---- | C] () -- I:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqjwmqg.lnk
[2013/12/26 05:35:01 | 000,000,000 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.odd
[2013/12/26 05:34:58 | 095,025,368 | ---- | C] () -- I:\ProgramData\odbmqjwmqg.fee
[2013/12/24 05:04:50 | 000,278,621 | ---- | C] () -- I:\Users\*****\Documents\frohe-weihnachten.jpg
[2013/12/22 06:23:06 | 000,120,416 | ---- | C] () -- I:\Users\*****\Documents\eBay Kaufbestätigung.pdf
[2013/12/08 03:50:26 | 000,002,441 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/08 03:29:43 | 000,000,579 | ---- | C] () -- I:\Users\*****\Desktop\Adventskalender - Pollin Electronic.website
[2013/12/06 14:03:51 | 000,014,305 | ---- | C] () -- I:\Users\*****\Documents\Mitgliederliste.pdf
[2013/11/28 11:26:19 | 001,602,788 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/30 06:16:31 | 000,000,534 | ---- | C] () -- I:\Users\*****\AppData\Roaming\burnaware.ini
[2012/12/08 09:29:58 | 000,000,001 | ---- | C] () -- I:\Users\*****\AppData\Local\llftool.4.12.agreement
[2012/05/19 01:26:18 | 000,002,213 | ---- | C] () -- I:\Windows\HCWPNP.INI
[2012/02/29 17:19:30 | 000,000,209 | ---- | C] () -- I:\Windows\ODBCINST.INI
[2012/02/29 17:18:51 | 000,037,639 | ---- | C] () -- I:\Windows\Irremote.ini
[2012/02/29 17:18:28 | 000,142,337 | ---- | C] () -- I:\Windows\SysWow64\Wait.exe
[2011/10/07 08:43:28 | 000,001,475 | ---- | C] () -- I:\Users\*****\AppData\Local\RecConfig.xml
[2011/10/07 08:42:00 | 000,003,584 | ---- | C] () -- I:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 10:50:47 | 000,091,923 | ---- | C] () -- I:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/08 10:50:47 | 000,076,956 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/08 10:50:47 | 000,039,121 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/08 10:50:47 | 000,027,965 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_JP.dat
[2011/09/06 14:19:26 | 000,000,507 | ---- | C] () -- I:\Windows\ODBC.INI
[2011/09/06 09:20:52 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2011/09/06 08:16:30 | 000,000,017 | ---- | C] () -- I:\Users\*****\AppData\Local\resmon.resmoncfg
[2011/09/05 17:34:50 | 000,303,104 | ---- | C] () -- I:\Windows\Uninstall_tkexe.exe
[2011/09/05 15:44:16 | 000,000,432 | ---- | C] () -- I:\Windows\BRWMARK.INI
[2011/09/05 15:44:16 | 000,000,034 | ---- | C] () -- I:\Windows\SysWow64\BD7025.DAT
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- I:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2007/08/13 10:46:00 | 000,155,136 | ---- | C] () -- I:\Users\*****\AppData\Local\lame_enc.dll
[2006/10/25 18:06:48 | 000,064,000 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisenc.dll
[2006/10/25 18:06:48 | 000,019,456 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbisfile.dll
[2006/10/25 18:06:46 | 000,143,872 | ---- | C] () -- I:\Users\*****\AppData\Local\vorbis.dll
[2006/10/25 18:06:36 | 000,015,872 | ---- | C] () -- I:\Users\*****\AppData\Local\ogg.dll
[2005/08/23 15:34:06 | 000,029,184 | ---- | C] () -- I:\Users\*****\AppData\Local\no23xwrapper.dll
[2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- I:\Windows\SysWow64\Jpeg32.dll

========== LOP Check ==========

[2013/05/12 05:33:42 | 000,000,000 | ---D | M] -- I:\ProgramData\AAV
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2013/09/26 09:37:38 | 000,000,000 | ---D | M] -- I:\ProgramData\APN
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2013/09/26 09:37:58 | 000,000,000 | ---D | M] -- I:\ProgramData\AskPartnerNetwork
[2012/10/23 17:13:53 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2012/12/08 11:04:40 | 000,000,000 | ---D | M] -- I:\ProgramData\copypart
[2012/12/08 11:00:08 | 000,000,000 | ---D | M] -- I:\ProgramData\createpart
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2012/02/19 04:53:45 | 000,000,000 | ---D | M] -- I:\ProgramData\eBay
[2012/12/08 10:48:18 | 000,000,000 | ---D | M] -- I:\ProgramData\explauncher
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2013/12/22 06:23:08 | 000,000,000 | ---D | M] -- I:\ProgramData\FreePDF
[2011/09/05 13:15:16 | 000,000,000 | ---D | M] -- I:\ProgramData\G DATA
[2012/02/29 17:20:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Hauppauge
[2011/09/05 16:34:03 | 000,000,000 | ---D | M] -- I:\ProgramData\ISDNWatch
[2012/12/08 10:59:29 | 000,000,000 | ---D | M] -- I:\ProgramData\launcher
[2012/01/28 13:04:45 | 000,000,000 | ---D | M] -- I:\ProgramData\NCH Swift Sound
[2012/03/22 10:08:10 | 000,000,000 | ---D | M] -- I:\ProgramData\Nitro PDF
[2013/01/15 10:27:02 | 000,000,000 | ---D | M] -- I:\ProgramData\Spamihilator
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/09/11 09:27:00 | 000,000,000 | ---D | M] -- I:\ProgramData\T-Online
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2013/09/29 11:37:31 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2011/09/05 08:50:18 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/09/29 11:55:54 | 000,000,000 | -HSD | M] -- I:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/29 02:33:25 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/11 12:55:45 | 103,792,856 | ---- | M] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά
[2013/11/11 12:55:45 | 103,792,856 | ---- | C] ()(I:\Windows\SysWow64\h??) -- I:\Windows\SysWow64\ℎά
< End of report >



Regards,
FUXS

 
