BKA virus: no Internet, no safe mode, System Restore not possible

15.10.2012, 21:24   #1
tabularasa



Hello everyone,

I am dependent on your help:

About a week ago I had the BKA virus on my laptop. I was able to remove it using safe mode and HijackThis (or so I thought; you should know that I have no experience or knowledge whatsoever of virus removal etc.).

Since the weekend I have had the problem that I can no longer get onto the Internet with my PC. The error message says that I have no Internet access because the DNS server is not responding.

When I try to get into safe mode, nothing happens at all. If I press the F8 key while switching on the laptop, nothing happens and Windows starts normally.

My last idea was to try a System Restore. When I try, I get the following error message:
"Systemwiederherstellungsfehler beim Kopieren der Registrierung aus dem Wiederherstellungspunkt. Unbekannter Fehler bei der Systemwiederherstellung. (0x80070570)"

You will find the viruses that were found and the Malwarebytes log file in the attachment.

If I need to or can provide further information, I will try to get back to you as quickly as possible. Unfortunately I can only get onto the Internet via my company laptop.

Many thanks in advance for your support!

Best regards

Michael
Attached images
File type: jpg Malwarebytes.jpg (92.1 KB, viewed 246 times)
Attached files
File type: txt mbam-log-2012-10-14 (22-01-42).txt (3.0 KB, viewed 179 times)

16.10.2012, 07:20   #2
Psychotic
/// Malwareteam





My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes evaluating them harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


The BKA trojan would be the lesser evil! You have the ZeroAccess rootkit on the machine, this could get bumpy... let's try!



Step 1: Flash Disinfector



Download Flash Disinfector by sUBs and save Flash_Disinfector.exe to your desktop. Now proceed as follows (instructions):
  1. Physically disconnect the computer from the network.
  2. Disable the background guard of your antivirus program.
  3. Now connect all external storage devices to your computer.
  4. Start Flash Disinfector with a double-click and follow the instructions where applicable.
  5. When the scan has finished, you can close the program.
  6. Restart your computer.
Note: Flash Disinfector disinfects all your drives of autorun infections and creates a hidden folder with the same name, so that your storage device is protected against this infection in the future. During the scan your desktop will briefly disappear and then come back. That is normal.



Step 2: FRST (64)



Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt.
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer.
    Here the drive letter of your USB stick is shown.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here.

16.10.2012, 19:15   #3
tabularasa



Hello Marius,

first of all, thank you very much for taking on my problem. On my own I would be more than lost and would have no option but to format.

Now to your instructions: Unfortunately I only got as far as point 4 of step 1. If I start Flash Disinfector with a double-click or as admin, the Windows hourglass appears briefly. Unfortunately the scan is not started.

Best regards
Michael

17.10.2012, 06:35   #4
Psychotic
/// Malwareteam



Then skip step 1.
__________________
No asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

17.10.2012, 19:00   #5
tabularasa



Hello Marius,

attached is the file.

Best regards

Michael

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by lo54ytk54 at 17-10-2012 19:53:22
Running from F:\
  Service Pack 1 (X64) OS Language: German Standard 
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-17 19:52 - 2012-10-17 19:53 - 00000000 ____D C:\FRST
2012-10-16 19:49 - 2012-10-16 19:48 - 00132597 ____A C:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
2012-10-14 22:00 - 2012-10-14 22:00 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-10-14 22:00 - 2012-10-14 22:00 - 00000000 ____D C:\Users\lo54ytk54\AppData\Roaming\Malwarebytes
2012-10-14 22:00 - 2012-10-14 22:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-14 22:00 - 2012-10-14 22:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-14 22:00 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-14 21:36 - 2012-10-14 21:36 - 00000000 ____D C:\Users\lo54ytk54\AppData\Local\MFAData
2012-10-14 21:36 - 2012-10-14 21:36 - 00000000 ____D C:\Users\lo54ytk54\AppData\Local\Avg2013
2012-10-14 21:36 - 2012-10-14 21:36 - 00000000 ____D C:\Users\All Users\MFAData
2012-10-07 16:57 - 2012-10-07 16:57 - 00000012 ____A C:\Windows\srun.log
2012-10-06 14:28 - 2012-10-06 14:28 - 00000000 ____D C:\Users\lo54ytk54\AppData\Roaming\Avira
2012-10-06 14:23 - 2012-10-06 14:23 - 00001998 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-10-06 14:22 - 2012-10-06 14:22 - 00000000 ____D C:\Users\All Users\Avira
2012-10-06 14:22 - 2012-10-06 14:22 - 00000000 ____D C:\Program Files (x86)\Avira
2012-10-06 14:22 - 2012-10-01 17:14 - 00129576 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2012-10-06 14:22 - 2012-09-24 09:58 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2012-10-06 14:22 - 2012-09-13 15:52 - 00099248 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2012-10-06 14:15 - 2012-10-06 14:16 - 102500872 ____A C:\Users\lo54ytk54\Downloads\avira_free_antivirus_de.exe
2012-10-05 15:43 - 2012-10-06 13:46 - 00000000 ____D C:\Users\All Users\nylpmmrsdmdeuhu
2012-10-05 15:43 - 2012-10-05 15:43 - 00076351 ____A C:\Users\All Users\qcdidvjxdbwlbuk
2012-09-25 07:14 - 2012-09-25 07:14 - 00000000 ____D C:\Users\All Users\GFI Software
2012-09-21 22:49 - 2012-08-24 20:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 22:49 - 2012-08-24 20:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 22:49 - 2012-08-24 20:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 22:49 - 2012-08-24 20:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 22:49 - 2012-08-24 20:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 22:49 - 2012-08-24 20:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 22:49 - 2012-08-24 20:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 22:49 - 2012-08-24 20:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 22:49 - 2012-08-24 20:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 22:49 - 2012-08-24 20:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 22:49 - 2012-08-24 18:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 22:49 - 2012-08-24 18:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 22:49 - 2012-08-24 18:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 22:49 - 2012-08-24 18:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 22:49 - 2012-08-24 18:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 22:49 - 2012-08-24 18:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 22:49 - 2012-08-24 18:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 22:49 - 2012-08-24 18:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 22:49 - 2012-08-24 18:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 22:48 - 2012-08-24 18:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 22:48 - 2012-08-24 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 22:48 - 2012-08-24 17:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-19 22:46 - 2012-09-19 22:46 - 00714592 ____A C:\Windows\Minidump\091912-22744-01.dmp

==================== 3 Months Modified Files ==================

2012-10-17 19:39 - 2010-01-13 00:48 - 00000558 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 19:38 - 2012-02-14 07:21 - 00020294 ____A C:\Windows\setupact.log
2012-10-17 19:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-17 19:34 - 2009-11-17 18:17 - 01960898 ____A C:\Windows\WindowsUpdate.log
2012-10-17 19:34 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-17 19:34 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-17 19:28 - 2010-01-13 00:48 - 00000554 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-16 20:11 - 2009-11-18 03:09 - 00763972 ____A C:\Windows\System32\perfh007.dat
2012-10-16 20:11 - 2009-11-18 03:09 - 00176696 ____A C:\Windows\System32\perfc007.dat
2012-10-16 20:11 - 2009-07-14 07:13 - 01789514 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-16 19:48 - 2012-10-16 19:49 - 00132597 ____A C:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
2012-10-15 21:11 - 2012-03-18 13:07 - 00008956 ____A C:\Windows\PFRO.log
2012-10-15 03:03 - 2010-01-11 15:02 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-14 22:00 - 2012-10-14 22:00 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-10-10 22:05 - 2012-08-24 15:30 - 00000047 ____A C:\Users\lo54ytk54\AppData\Roaming\msconfig.ini
2012-10-07 17:00 - 2012-04-02 20:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-07 17:00 - 2011-11-01 09:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-07 16:57 - 2012-10-07 16:57 - 00000012 ____A C:\Windows\srun.log
2012-10-06 14:23 - 2012-10-06 14:23 - 00001998 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-10-06 14:16 - 2012-10-06 14:15 - 102500872 ____A C:\Users\lo54ytk54\Downloads\avira_free_antivirus_de.exe
2012-10-05 15:43 - 2012-10-05 15:43 - 00076351 ____A C:\Users\All Users\qcdidvjxdbwlbuk
2012-10-01 17:14 - 2012-10-06 14:22 - 00129576 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2012-09-24 09:58 - 2012-10-06 14:22 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2012-09-19 22:46 - 2012-09-19 22:46 - 00714592 ____A C:\Windows\Minidump\091912-22744-01.dmp
2012-09-19 22:46 - 2012-07-02 19:08 - 521534961 ____A C:\Windows\MEMORY.DMP
2012-09-16 11:09 - 2011-03-08 15:09 - 00001402 ____A C:\Users\lo54ytk54\Desktop\Free YouTube to MP3 Converter.lnk
2012-09-13 15:52 - 2012-10-06 14:22 - 00099248 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2012-09-09 15:48 - 2012-09-09 15:48 - 00735552 ____A C:\Windows\Minidump\090912-24351-01.dmp
2012-09-07 17:04 - 2012-10-14 22:00 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-25 15:26 - 2012-08-25 15:26 - 00276992 ____A C:\Windows\Minidump\082512-21262-01.dmp
2012-08-24 20:05 - 2012-09-21 22:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 20:05 - 2012-09-21 22:49 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 20:05 - 2012-09-21 22:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 20:03 - 2012-09-21 22:49 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 20:03 - 2012-09-21 22:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 20:03 - 2012-09-21 22:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 20:03 - 2012-09-21 22:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 20:02 - 2012-09-21 22:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 20:02 - 2012-09-21 22:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 20:02 - 2012-09-21 22:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 18:57 - 2012-09-21 22:49 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 18:57 - 2012-09-21 22:49 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 18:57 - 2012-09-21 22:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 18:57 - 2012-09-21 22:49 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 18:57 - 2012-09-21 22:49 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 18:57 - 2012-09-21 22:48 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 18:56 - 2012-09-21 22:49 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 18:56 - 2012-09-21 22:49 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 18:56 - 2012-09-21 22:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 18:56 - 2012-09-21 22:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 17:59 - 2012-09-21 22:48 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 17:20 - 2012-09-21 22:48 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 20:12 - 2012-09-12 19:55 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 20:12 - 2012-09-12 19:55 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 20:12 - 2012-09-12 19:55 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-15 19:00 - 2009-07-14 06:45 - 02945160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-06 06:22 - 2012-08-06 06:21 - 00709792 ____A C:\Windows\Minidump\080612-24788-01.dmp
2012-07-31 21:51 - 2009-07-14 07:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3848605699-2962884644-854676138-1000\$033b9c11cb15b76dcdd1a8dfe2fcf57f

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$033b9c11cb15b76dcdd1a8dfe2fcf57f

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 3998.84 MB
Available physical RAM: 2958.27 MB
Total Pagefile: 7995.87 MB
Available Pagefile: 6971.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:231.81 GB) NTFS
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.41 GB) FAT32

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          465 GB      0 B
  Datenträger 1    Online         3837 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Typ               Größe   Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    12 GB  1024 KB
  Partition 2    Primär             100 MB    12 GB
  Partition 3    Primär             453 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         PQSERVICE    NTFS   Partition     12 GB  Fehlerfre  Versteck

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         SYSTEM RESE  NTFS   Partition    100 MB  Fehlerfre  System (partition with boot components)  

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   Acer         NTFS   Partition    453 GB  Fehlerfre  Startpar

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   Acer         NTFS   Partition    453 GB  Fehlerfre  Startpar

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Größe   Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            3831 MB  5676 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F                FAT32  Wechselmed  3831 MB  Fehlerfre          

=========================================================

Disk: 1
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe   Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F                FAT32  Wechselmed  3831 MB  Fehlerfre          

=========================================================

Last Boot: 2012-10-07 18:04

==================== End Of Log =============================
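
Added example (not part of the original thread and not FRST's own code): a small Python triage of an FRST.txt like the one posted above. It first checks whether the log is usable at all (the recovery-environment warning), then collects the ZeroAccess marker paths with their SIDs. The random-name check for unsigned entries in the shared profile folder is a heuristic assumed here for illustration; it queues entries for review and is not a verdict.

```python
import ntpath
import re

# Shortened excerpt of the FRST.txt posted above (not a complete log).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Running from F:\
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-10-14 22:00 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-06 14:22 - 2012-10-06 14:22 - 00000000 ____D C:\Users\All Users\Avira
2012-10-05 15:43 - 2012-10-06 13:46 - 00000000 ____D C:\Users\All Users\nylpmmrsdmdeuhu
2012-10-05 15:43 - 2012-10-05 15:43 - 00076351 ____A C:\Users\All Users\qcdidvjxdbwlbuk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3848605699-2962884644-854676138-1000\$033b9c11cb15b76dcdd1a8dfe2fcf57f

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$033b9c11cb15b76dcdd1a8dfe2fcf57f

==================== End Of Log =============================
"""

# "==== Section name ====" headers; bare "=====" rulers do not match.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+\s*$")
# "<date> - <date> - <size> <attrs> [(company)] <path>" as in the listing above.
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# SID component of a per-account recycle bin folder (S-1-5-18 is LocalSystem).
SID_RE = re.compile(r"\\\$Recycle\.Bin\\(?P<sid>S-1-[0-9-]+)\\", re.IGNORECASE)
# Assumption: shared data folders worth a closer look for unsigned entries.
SHARED_DIRS = {r"c:\users\all users", r"c:\programdata"}


def looks_random(name):
    """Heuristic (assumed): long, all-lowercase, vowel-poor names."""
    if not re.fullmatch(r"[a-z]{12,}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.3


def triage_frst(text):
    """Return usability problems, ZeroAccess markers and entries to review."""
    result = {"usable": True, "problems": [], "zeroaccess": [], "review": []}
    if "NOT RUN FROM RECOVERY ENVIRONMENT" in text:
        result["problems"].append("not run from recovery environment")
    if "Could not load system hive" in text:
        result["problems"].append("system hive not loaded")
    result["usable"] = not result["problems"]

    section = None
    after_marker = False  # True on the line following "ZeroAccess:"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section, after_marker = header.group("name"), False
            continue
        if line == "ZeroAccess:":
            after_marker = True
            continue
        if after_marker:
            after_marker = False
            if line:
                sid = SID_RE.search(line)
                result["zeroaccess"].append((sid.group("sid") if sid else None, line))
            continue
        entry = ENTRY_RE.match(line)
        if not (entry and section and "Created" in section):
            continue
        path = entry.group("path")
        if (entry.group("company") is None
                and ntpath.dirname(path).lower() in SHARED_DIRS
                and looks_random(ntpath.basename(path))):
            result["review"].append(path)
    return result


if __name__ == "__main__":
    report = triage_frst(SAMPLE_LOG)
    print("usable:", report["usable"], report["problems"])
    for sid, path in report["zeroaccess"]:
        print("ZeroAccess marker for", sid, "->", path)
    for path in report["review"]:
        print("review:", path)
```

A log that reports it was not run from the recovery environment is incomplete (no registry sections, no restore points), so the marker and review lists from such a log are a lower bound on what is present.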
         


18.10.2012, 07:14   #6
Psychotic
/// Malwareteam



You have to start FRST from the recovery environment, as I explained, otherwise I cannot help you!

18.10.2012, 18:12   #7
tabularasa



I have the problem that I cannot get into recovery mode.

- I cannot get into safe mode via the F8 key. I can press the F8 key during boot as often as I like, nothing happens at all.
- I have a 13-inch laptop without a drive and accordingly have no Windows CD that I could boot from.

I hope you can help me further!

19.10.2012, 06:17   #8
Psychotic
/// Malwareteam



You press the F8 key before the Windows start screen appears. Shortly after you have switched on the notebook.

Nothing happens then?

19.10.2012, 08:54   #9
tabularasa



Exactly. I press F8 after starting the PC, unfortunately nothing happens, the PC boots up normally and I then get to the login screen.

19.10.2012, 09:37   #10
Psychotic
/// Malwareteam



OTLPE


If you do not have a burning program installed, please download ISOBurner.
The program will allow you to burn OTLPE to a CD and make it bootable.
You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop.
    Note: The file is approx. 120 MB in size, and with a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD.
Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you do not have an Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

19.10.2012, 18:00   #11
tabularasa



I have now got as far as the REATOGO-X-PE desktop being displayed.

However, when I now double-click OTLPE, the "Browse for Folder" window opens. Here I can choose from my various drives. If I select the OTLPE folder under the disc drive and try to start, I get the error message "RunScanner Error: Target is not windows 2000 or later".

What should I do?

I should add that I have Win7 on my laptop. However, when I boot from the CD, I end up in Win XP.

EDIT: Got it working!

Unfortunately only OTL.txt opened:

Code:
OTL logfile created on: 10/19/2012 10:36:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.40 Gb Free Space | 90.98% Space Free | Partition Type: FAT32
Drive E: | 453.66 Gb Total Space | 231.11 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/02 18:24:36 | 000,786,976 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/17 12:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/28 03:58:54 | 000,029,184 | ---- | M] () [Auto] -- E:\Windows\System32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2007/11/28 09:51:42 | 001,039,872 | ---- | M] ( ) [Disabled] -- E:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2012/09/25 05:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/25 04:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/09/07 11:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 11:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 07:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto] -- E:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/28 11:12:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/10/22 11:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Disabled] -- E:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/09/16 09:06:22 | 000,080,896 | ---- | M] () [Auto] -- E:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/03 04:59:32 | 000,818,432 | ---- | M] (PC Tools) [Auto] -- E:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/11/09 09:03:24 | 001,576,960 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2009/10/16 18:30:34 | 000,332,272 | ---- | M] (Google Inc.) [Disabled] -- E:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/17 08:06:28 | 000,239,200 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [Auto] -- E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 20:43:00 | 000,146,016 | ---- | M] (DATEV eG) [On_Demand] -- E:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/11/23 20:00:00 | 000,077,312 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2008/07/04 06:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- E:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/19 12:04:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/10/01 11:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/09/24 03:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/13 09:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/07 11:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/29 10:29:31 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/17 10:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/11/17 10:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- E:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/11/17 10:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/04/13 09:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 07:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 11:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/02/03 04:59:51 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/02/03 04:59:50 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/02/03 04:59:50 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2010/02/03 04:59:49 | 000,042,456 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis-DNS64.sys -- (PCTFW-DNS)
DRV:64bit: - [2010/02/03 04:59:48 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System] -- E:\Windows\System32\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2009/12/07 14:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/11/01 14:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/02 12:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/22 17:24:58 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/07/27 03:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 03:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/09 18:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/05/16 06:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 06:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 06:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 06:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 06:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2012/05/08 09:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- E:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/27 13:58:13 | 000,028,632 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand] -- E:\Windows\SysWOW64\drivers\virtualdisk.sys -- (vrtldskdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@parallelgraphics.com/Cortona: E:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/vbp;version=0.9.17: E:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: E:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: E:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 15:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/24 11:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/23 08:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\lo54ytk54\AppData\Roaming\12011 [2012/05/31 16:14:25 | 000,000,000 | ---D | M]
 
[2010/01/10 12:43:29 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Extensions
[2010/01/10 12:39:57 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/19 15:11:27 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions
[2012/06/01 17:25:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/09/25 00:46:43 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2010/06/14 06:09:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/01/30 05:47:03 | 000,000,000 | ---D | M] (CustomizeGoogle) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/05/07 04:09:51 | 000,000,000 | ---D | M] (Conduit Engine) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\engine@conduit.com
[2012/05/18 12:12:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\ich@maltegoetz.de
[2012/06/19 15:11:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2010/07/04 06:05:27 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\smartbookmarksbar@remy.juteau
[2012/05/27 07:40:51 | 000,000,950 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\searchplugins\icqplugin-2.xml
[2010/06/21 10:35:24 | 000,001,042 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\searchplugins\icqplugin.xml
[2011/12/27 17:40:13 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/10 13:14:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- E:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/05/05 03:23:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2010/11/15 18:38:38 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- E:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- E:\USERS\LO54YTK54\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KF3FN56.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- E:\USERS\LO54YTK54\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KF3FN56.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012/04/28 11:12:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/06/01 08:22:18 | 000,874,008 | ---- | M] (ParallelGraphics) -- E:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/13 13:41:22 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/13 13:41:22 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 13:41:22 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/13 13:41:22 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/13 13:41:22 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/13 13:41:22 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - E:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - E:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - E:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\lo54ytk54_ON_E\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] E:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] E:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] E:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00PCTFW] E:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DATEV_SCardMan] E:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] E:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [HTC Sync Loader] E:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] E:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SiPaHost] E:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\lo54ytk54_ON_E..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\lo54ytk54_ON_E Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1efb45d0-58e9-11df-8dea-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{1efb45d0-58e9-11df-8dea-001e3325abaf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{264b020e-30ef-11e1-8393-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{264b020e-30ef-11e1-8393-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup.exe /autorun
O33 - MountPoints2\{3ace34a0-a359-11e0-97d7-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{3ace34a0-a359-11e0-97d7-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3ace34a3-a359-11e0-97d7-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{3ace34a3-a359-11e0-97d7-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98de5138-1340-11e0-bdca-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{98de5138-1340-11e0-bdca-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98de513a-1340-11e0-bdca-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{98de513a-1340-11e0-bdca-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e7767470-169c-11e0-a37e-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{e7767470-169c-11e0-a37e-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{fa5eafdc-5ab2-11df-8eff-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5eafdc-5ab2-11df-8eff-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa5eafdf-5ab2-11df-8eff-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5eafdf-5ab2-11df-8eff-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/19 12:04:30 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- E:\Windows\System32\drivers\sptd.sys
[2012/10/19 12:03:52 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\LSoft Technologies
[2012/10/19 12:03:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/10/19 12:00:50 | 127,231,689 | ---- | C] (Igor Pavlov) -- E:\Users\lo54ytk54\Desktop\OTLPENet.exe
[2012/10/18 13:05:17 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/10/18 13:05:17 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\Apps
[2012/10/17 13:52:58 | 000,000,000 | ---D | C] -- E:\FRST
[2012/10/14 16:00:22 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Malwarebytes
[2012/10/14 16:00:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/14 16:00:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Malwarebytes
[2012/10/14 16:00:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2012/10/14 16:00:08 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\MFAData
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\ProgramData\MFAData
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\Avg2013
[2012/10/06 08:28:30 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Avira
[2012/10/06 08:23:01 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/06 08:22:52 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2012/10/06 08:22:52 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avgntflt.sys
[2012/10/06 08:22:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avkmgr.sys
[2012/10/06 08:22:46 | 000,000,000 | ---D | C] -- E:\ProgramData\Avira
[2012/10/06 08:22:46 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Avira
[2012/10/05 09:43:25 | 000,000,000 | ---D | C] -- E:\ProgramData\nylpmmrsdmdeuhu
[2012/09/25 01:14:32 | 000,000,000 | ---D | C] -- E:\ProgramData\GFI Software
[2012/09/21 16:49:31 | 000,735,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/09/21 16:49:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/09/21 16:49:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/09/21 16:49:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/09/21 16:49:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/09/21 16:49:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/09/21 16:49:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/09/21 16:48:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2009/10/16 18:12:54 | 000,036,136 | ---- | C] (Oberon Media) -- E:\ProgramData\FullRemove.exe
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 E:\Users\lo54ytk54\AppData\Roaming\*.tmp files -> E:\Users\lo54ytk54\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/19 15:21:04 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/10/19 15:20:58 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:20:58 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:15:48 | 000,000,554 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 13:40:04 | 000,000,558 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 12:03:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/10/19 12:00:52 | 127,231,689 | ---- | M] (Igor Pavlov) -- E:\Users\lo54ytk54\Desktop\OTLPENet.exe
[2012/10/18 13:05:18 | 000,002,546 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/10/16 14:11:11 | 000,763,972 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/10/16 14:11:11 | 000,707,880 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/10/16 14:11:11 | 000,176,696 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/10/16 14:11:11 | 000,143,184 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/10/16 13:48:22 | 000,132,597 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
[2012/10/15 16:21:01 | 000,294,747 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Malwarebytes.png
[2012/10/14 21:03:29 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/10/14 16:00:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/10 16:05:09 | 000,000,047 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\msconfig.ini
[2012/10/07 11:00:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/07 11:00:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/06 08:23:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/05 09:43:25 | 000,076,351 | ---- | M] () -- E:\ProgramData\qcdidvjxdbwlbuk
[2012/10/01 11:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2012/09/24 03:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avkmgr.sys
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 E:\Users\lo54ytk54\AppData\Roaming\*.tmp files -> E:\Users\lo54ytk54\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/18 13:05:18 | 000,002,546 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/10/16 13:49:24 | 000,132,597 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
[2012/10/15 16:21:01 | 000,294,747 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Malwarebytes.png
[2012/10/05 09:43:21 | 000,076,351 | ---- | C] () -- E:\ProgramData\qcdidvjxdbwlbuk
[2012/08/24 09:30:38 | 000,000,047 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\msconfig.ini
[2012/06/13 13:48:28 | 004,503,728 | ---- | C] () -- E:\ProgramData\c_0_lpt.pad
[2012/05/30 17:01:50 | 000,000,016 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\blckdom.res
[2012/03/20 02:20:54 | 000,118,272 | ---- | C] () -- E:\Windows\SysWow64\PGVRMLSaver.dll
[2012/03/20 02:20:54 | 000,053,248 | ---- | C] () -- E:\Windows\SysWow64\zlib.dll
[2011/10/26 12:20:51 | 017,716,224 | ---- | C] () -- E:\Windows\SysWow64\libcef.dll
[2011/10/26 12:20:51 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\ddad.dll
[2011/06/14 05:42:30 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/10 10:25:59 | 000,000,260 | ---- | C] () -- E:\Windows\wininit.ini
[2011/04/11 01:35:47 | 000,000,064 | ---- | C] () -- E:\Windows\SysWow64\rp_stats.dat
[2011/04/11 01:35:47 | 000,000,044 | ---- | C] () -- E:\Windows\SysWow64\rp_rules.dat
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- E:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- E:\Windows\SysWow64\iglhcp32.dll
[2010/07/24 14:05:22 | 000,000,162 | ---- | C] () -- E:\Windows\ODBC.INI
[2010/06/05 05:10:17 | 000,000,097 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Local\fusioncache.dat
[2010/06/05 04:51:15 | 000,000,021 | ---- | C] () -- E:\Windows\DvInesKurusOleServer003.INI
[2010/06/05 04:50:17 | 000,000,113 | ---- | C] () -- E:\Windows\dvinesinstalllocation001.INI
[2010/06/05 04:50:10 | 000,000,113 | ---- | C] () -- E:\Windows\dvinesinstart001.INI
[2010/06/05 04:47:05 | 000,000,021 | ---- | C] () -- E:\Windows\Startup.INI
[2010/01/26 10:02:57 | 000,000,000 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\wklnhst.dat
[2010/01/26 09:40:18 | 001,766,680 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/10 13:20:56 | 000,000,056 | -H-- | C] () -- E:\ProgramData\ezsidmv.dat
[2010/01/10 12:39:57 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2009/11/17 12:52:46 | 000,001,018 | ---- | C] () -- E:\Windows\SysWow64\atipblup.dat
[2009/11/17 12:30:43 | 000,626,688 | ---- | C] () -- E:\Windows\Image.dll
[2009/11/17 12:30:43 | 000,200,704 | ---- | C] () -- E:\Windows\PLFSetI.exe
[2009/11/17 12:30:43 | 000,020,480 | ---- | C] () -- E:\Windows\USB_VIDEO_REG.exe
[2009/11/17 12:30:43 | 000,000,323 | ---- | C] () -- E:\Windows\PidList.ini
[2009/10/19 22:26:37 | 000,134,592 | ---- | C] () -- E:\Windows\SysWow64\igfcg500.bin
[2009/09/17 08:07:34 | 000,038,496 | ---- | C] () -- E:\Windows\SysWow64\JNILibrary.dll
[2009/09/17 08:07:26 | 000,112,224 | ---- | C] () -- E:\Windows\SysWow64\INetCert.dll
[2009/09/02 12:52:46 | 000,982,220 | ---- | C] () -- E:\Windows\SysWow64\igkrng500.bin
[2009/09/02 12:52:46 | 000,439,300 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng500.bin
[2009/09/02 12:52:46 | 000,092,216 | ---- | C] () -- E:\Windows\SysWow64\igfcg500m.bin
[2009/07/23 10:49:06 | 000,782,336 | ---- | C] () -- E:\Windows\SysWow64\lxdndrs.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2009/05/14 04:46:42 | 000,081,920 | ---- | C] () -- E:\Windows\SysWow64\lxdncaps.dll
[2008/06/23 07:02:02 | 000,097,410 | R--- | C] () -- E:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 11:48:50 | 000,020,270 | ---- | C] () -- E:\ProgramData\DeviceInstaller.xml
[2007/10/02 05:51:10 | 000,069,632 | ---- | C] () -- E:\Windows\SysWow64\lxdncnv4.dll
[1999/01/19 09:18:30 | 000,110,080 | ---- | C] () -- E:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 09:18:30 | 000,046,080 | ---- | C] () -- E:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 09:18:30 | 000,043,008 | ---- | C] () -- E:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 09:18:30 | 000,020,480 | ---- | C] () -- E:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 09:18:30 | 000,019,968 | ---- | C] () -- E:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 09:18:30 | 000,019,456 | ---- | C] () -- E:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 09:18:30 | 000,019,456 | ---- | C] () -- E:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 09:18:28 | 000,176,128 | ---- | C] () -- E:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 09:18:28 | 000,141,824 | ---- | C] () -- E:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 09:18:28 | 000,023,552 | ---- | C] () -- E:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 09:18:28 | 000,022,528 | ---- | C] () -- E:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 09:18:28 | 000,022,528 | ---- | C] () -- E:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 09:18:28 | 000,022,016 | ---- | C] () -- E:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 09:18:28 | 000,018,432 | ---- | C] () -- E:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 09:18:28 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\LFMAC60N.DLL
[1995/02/14 18:11:00 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\IMPLODE.DLL
 
========== LOP Check ==========
 
[2009/10/16 18:28:10 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2012/10/06 20:04:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ad-Aware Browsing Protection
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/01/04 13:42:27 | 000,000,000 | ---D | M] -- E:\ProgramData\backup
[2009/10/16 18:38:35 | 000,000,000 | ---D | M] -- E:\ProgramData\BackupManager
[2010/01/26 09:48:04 | 000,000,000 | ---D | M] -- E:\ProgramData\BVRP Software
[2012/07/14 17:55:36 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2011/12/29 10:28:57 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2010/08/23 10:48:23 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Core
[2009/10/16 18:41:07 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec
[2010/12/28 12:51:27 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2009/10/16 18:39:02 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2012/01/04 13:42:21 | 000,000,000 | ---D | M] -- E:\ProgramData\explauncher
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/01/10 15:06:45 | 000,000,000 | ---D | M] -- E:\ProgramData\Friends Games
[2012/09/25 01:14:32 | 000,000,000 | ---D | M] -- E:\ProgramData\GFI Software
[2011/07/15 03:42:44 | 000,000,000 | ---D | M] -- E:\ProgramData\Gibraltar
[2010/10/11 09:52:22 | 000,000,000 | ---D | M] -- E:\ProgramData\ICQ
[2012/01/04 13:42:20 | 000,000,000 | ---D | M] -- E:\ProgramData\launcher
[2010/05/01 11:27:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Lexmark 2600 Series
[2011/08/04 11:05:37 | 000,000,000 | ---D | M] -- E:\ProgramData\lx_cats
[2009/11/17 15:47:18 | 000,000,000 | ---D | M] -- E:\ProgramData\McQcModifier-5c47-a7b0
[2012/10/14 15:36:49 | 000,000,000 | ---D | M] -- E:\ProgramData\MFAData
[2012/10/06 07:46:05 | 000,000,000 | ---D | M] -- E:\ProgramData\nylpmmrsdmdeuhu
[2009/11/17 15:37:33 | 000,000,000 | ---D | M] -- E:\ProgramData\OEM
[2010/01/10 16:29:50 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2010/03/04 14:49:40 | 000,000,000 | ---D | M] -- E:\ProgramData\PlayFirst
[2010/02/01 17:54:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Sandlot Games
[2010/06/05 05:06:24 | 000,000,000 | ---D | M] -- E:\ProgramData\SkyCom
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/06/24 13:46:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Swiss Academic Software
[2010/11/09 16:02:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Sync App Settings
[2012/10/19 15:17:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/07/14 17:56:23 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUp Software
[2012/03/20 02:20:50 | 000,000,000 | ---D | M] -- E:\ProgramData\visTABLE
[2010/05/06 11:58:13 | 000,000,000 | ---D | M] -- E:\ProgramData\Vodafone
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2011/12/27 17:15:43 | 000,000,000 | -HSD | M] -- E:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/07/14 17:55:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/31 15:51:50 | 000,032,626 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2245 bytes -> E:\Users\lo54ytk54\Documents\Mail mit DAten.eml:OECustomProperty
@Alternate Data Stream - 153 bytes -> E:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> E:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> E:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 128 bytes -> E:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 127 bytes -> E:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 122 bytes -> E:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 110 bytes -> E:\ProgramData\Temp:C31F31E6
< End of report >
         
EDIT: Got it working!

Unfortunately, only OTL.txt opened:

Code:
OTL logfile created on: 10/19/2012 10:36:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.40 Gb Free Space | 90.98% Space Free | Partition Type: FAT32
Drive E: | 453.66 Gb Total Space | 231.11 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/02 18:24:36 | 000,786,976 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/17 12:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/28 03:58:54 | 000,029,184 | ---- | M] () [Auto] -- E:\Windows\System32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2007/11/28 09:51:42 | 001,039,872 | ---- | M] ( ) [Disabled] -- E:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2012/09/25 05:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/25 04:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/09/07 11:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 11:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 07:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto] -- E:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/28 11:12:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/10/22 11:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Disabled] -- E:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/09/16 09:06:22 | 000,080,896 | ---- | M] () [Auto] -- E:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/03 04:59:32 | 000,818,432 | ---- | M] (PC Tools) [Auto] -- E:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/11/09 09:03:24 | 001,576,960 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService)
SRV - [2009/10/16 18:30:34 | 000,332,272 | ---- | M] (Google Inc.) [Disabled] -- E:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/17 08:06:28 | 000,239,200 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [Auto] -- E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 20:43:00 | 000,146,016 | ---- | M] (DATEV eG) [On_Demand] -- E:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/11/23 20:00:00 | 000,077,312 | ---- | M] (DATEV eG) [Auto] -- E:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2008/07/04 06:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- E:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/19 12:04:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/10/01 11:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/09/24 03:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/13 09:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/07 11:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/29 10:29:31 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/17 10:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/11/17 10:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- E:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/11/17 10:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/04/13 09:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 07:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 11:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/02/03 04:59:51 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/02/03 04:59:50 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/02/03 04:59:50 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2010/02/03 04:59:49 | 000,042,456 | ---- | M] (PC Tools) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pctNdis-DNS64.sys -- (PCTFW-DNS)
DRV:64bit: - [2010/02/03 04:59:48 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System] -- E:\Windows\System32\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2009/12/07 14:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/11/01 14:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/02 12:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/22 17:24:58 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/07/27 03:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 03:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/09 18:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/05/16 06:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 06:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 06:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 06:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 06:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2012/05/08 09:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- E:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/27 13:58:13 | 000,028,632 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand] -- E:\Windows\SysWOW64\drivers\virtualdisk.sys -- (vrtldskdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1004&m=aspire_3810tz&r=273611092306l0321z125t4811v09s
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\lo54ytk54_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@parallelgraphics.com/Cortona: E:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/vbp;version=0.9.17: E:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: E:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: E:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 15:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/24 11:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/23 08:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\lo54ytk54\AppData\Roaming\12011 [2012/05/31 16:14:25 | 000,000,000 | ---D | M]
 
[2010/01/10 12:43:29 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Extensions
[2010/01/10 12:39:57 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/19 15:11:27 | 000,000,000 | ---D | M] (No name found) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions
[2012/06/01 17:25:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/09/25 00:46:43 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2010/06/14 06:09:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/01/30 05:47:03 | 000,000,000 | ---D | M] (CustomizeGoogle) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/05/07 04:09:51 | 000,000,000 | ---D | M] (Conduit Engine) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\engine@conduit.com
[2012/05/18 12:12:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\ich@maltegoetz.de
[2012/06/19 15:11:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2010/07/04 06:05:27 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\extensions\smartbookmarksbar@remy.juteau
[2012/05/27 07:40:51 | 000,000,950 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\searchplugins\icqplugin-2.xml
[2010/06/21 10:35:24 | 000,001,042 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\Mozilla\Firefox\Profiles\3kf3fn56.default\searchplugins\icqplugin.xml
[2011/12/27 17:40:13 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/10 13:14:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- E:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/05/05 03:23:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2010/11/15 18:38:38 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- E:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- E:\USERS\LO54YTK54\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KF3FN56.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- E:\USERS\LO54YTK54\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KF3FN56.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012/04/28 11:12:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/06/01 08:22:18 | 000,874,008 | ---- | M] (ParallelGraphics) -- E:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/13 13:41:22 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/13 13:41:22 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 13:41:22 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/13 13:41:22 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/13 13:41:22 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/13 13:41:22 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - E:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - E:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - E:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\lo54ytk54_ON_E\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] E:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] E:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] E:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00PCTFW] E:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DATEV_SCardMan] E:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] E:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [HTC Sync Loader] E:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] E:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SiPaHost] E:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\lo54ytk54_ON_E..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\lo54ytk54\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15:64bit: - lo54ytk54_ON_E\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKU\lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKU\lo54ytk54_ON_E\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\lo54ytk54_ON_E Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1efb45d0-58e9-11df-8dea-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{1efb45d0-58e9-11df-8dea-001e3325abaf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{264b020e-30ef-11e1-8393-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{264b020e-30ef-11e1-8393-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup.exe /autorun
O33 - MountPoints2\{3ace34a0-a359-11e0-97d7-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{3ace34a0-a359-11e0-97d7-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3ace34a3-a359-11e0-97d7-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{3ace34a3-a359-11e0-97d7-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98de5138-1340-11e0-bdca-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{98de5138-1340-11e0-bdca-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98de513a-1340-11e0-bdca-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{98de513a-1340-11e0-bdca-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e7767470-169c-11e0-a37e-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{e7767470-169c-11e0-a37e-001e3325abaf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{fa5eafdc-5ab2-11df-8eff-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5eafdc-5ab2-11df-8eff-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa5eafdf-5ab2-11df-8eff-001e3325abaf}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5eafdf-5ab2-11df-8eff-001e3325abaf}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/19 12:04:30 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- E:\Windows\System32\drivers\sptd.sys
[2012/10/19 12:03:52 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\LSoft Technologies
[2012/10/19 12:03:52 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/10/19 12:00:50 | 127,231,689 | ---- | C] (Igor Pavlov) -- E:\Users\lo54ytk54\Desktop\OTLPENet.exe
[2012/10/18 13:05:17 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/10/18 13:05:17 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\Apps
[2012/10/17 13:52:58 | 000,000,000 | ---D | C] -- E:\FRST
[2012/10/14 16:00:22 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Malwarebytes
[2012/10/14 16:00:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/14 16:00:10 | 000,000,000 | ---D | C] -- E:\ProgramData\Malwarebytes
[2012/10/14 16:00:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2012/10/14 16:00:08 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\MFAData
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\ProgramData\MFAData
[2012/10/14 15:36:49 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Local\Avg2013
[2012/10/06 08:28:30 | 000,000,000 | ---D | C] -- E:\Users\lo54ytk54\AppData\Roaming\Avira
[2012/10/06 08:23:01 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/06 08:22:52 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2012/10/06 08:22:52 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avgntflt.sys
[2012/10/06 08:22:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avkmgr.sys
[2012/10/06 08:22:46 | 000,000,000 | ---D | C] -- E:\ProgramData\Avira
[2012/10/06 08:22:46 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Avira
[2012/10/05 09:43:25 | 000,000,000 | ---D | C] -- E:\ProgramData\nylpmmrsdmdeuhu
[2012/09/25 01:14:32 | 000,000,000 | ---D | C] -- E:\ProgramData\GFI Software
[2012/09/21 16:49:31 | 000,735,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2012/09/21 16:49:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2012/09/21 16:49:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/09/21 16:49:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/09/21 16:49:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/09/21 16:49:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/09/21 16:49:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/09/21 16:48:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2009/10/16 18:12:54 | 000,036,136 | ---- | C] (Oberon Media) -- E:\ProgramData\FullRemove.exe
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 E:\Users\lo54ytk54\AppData\Roaming\*.tmp files -> E:\Users\lo54ytk54\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/19 15:21:04 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/10/19 15:20:58 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:20:58 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:15:48 | 000,000,554 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 13:40:04 | 000,000,558 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 12:03:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/10/19 12:00:52 | 127,231,689 | ---- | M] (Igor Pavlov) -- E:\Users\lo54ytk54\Desktop\OTLPENet.exe
[2012/10/18 13:05:18 | 000,002,546 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/10/16 14:11:11 | 000,763,972 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/10/16 14:11:11 | 000,707,880 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/10/16 14:11:11 | 000,176,696 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/10/16 14:11:11 | 000,143,184 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/10/16 13:48:22 | 000,132,597 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
[2012/10/15 16:21:01 | 000,294,747 | ---- | M] () -- E:\Users\lo54ytk54\Desktop\Malwarebytes.png
[2012/10/14 21:03:29 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/10/14 16:00:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/10 16:05:09 | 000,000,047 | ---- | M] () -- E:\Users\lo54ytk54\AppData\Roaming\msconfig.ini
[2012/10/07 11:00:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/07 11:00:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/06 08:23:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/05 09:43:25 | 000,076,351 | ---- | M] () -- E:\ProgramData\qcdidvjxdbwlbuk
[2012/10/01 11:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2012/09/24 03:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avkmgr.sys
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 E:\Users\lo54ytk54\AppData\Roaming\*.tmp files -> E:\Users\lo54ytk54\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/18 13:05:18 | 000,002,546 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/10/16 13:49:24 | 000,132,597 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Flash_Disinfector.exe
[2012/10/15 16:21:01 | 000,294,747 | ---- | C] () -- E:\Users\lo54ytk54\Desktop\Malwarebytes.png
[2012/10/05 09:43:21 | 000,076,351 | ---- | C] () -- E:\ProgramData\qcdidvjxdbwlbuk
[2012/08/24 09:30:38 | 000,000,047 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\msconfig.ini
[2012/06/13 13:48:28 | 004,503,728 | ---- | C] () -- E:\ProgramData\c_0_lpt.pad
[2012/05/30 17:01:50 | 000,000,016 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\blckdom.res
[2012/03/20 02:20:54 | 000,118,272 | ---- | C] () -- E:\Windows\SysWow64\PGVRMLSaver.dll
[2012/03/20 02:20:54 | 000,053,248 | ---- | C] () -- E:\Windows\SysWow64\zlib.dll
[2011/10/26 12:20:51 | 017,716,224 | ---- | C] () -- E:\Windows\SysWow64\libcef.dll
[2011/10/26 12:20:51 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\ddad.dll
[2011/06/14 05:42:30 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/10 10:25:59 | 000,000,260 | ---- | C] () -- E:\Windows\wininit.ini
[2011/04/11 01:35:47 | 000,000,064 | ---- | C] () -- E:\Windows\SysWow64\rp_stats.dat
[2011/04/11 01:35:47 | 000,000,044 | ---- | C] () -- E:\Windows\SysWow64\rp_rules.dat
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- E:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- E:\Windows\SysWow64\iglhcp32.dll
[2010/07/24 14:05:22 | 000,000,162 | ---- | C] () -- E:\Windows\ODBC.INI
[2010/06/05 05:10:17 | 000,000,097 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Local\fusioncache.dat
[2010/06/05 04:51:15 | 000,000,021 | ---- | C] () -- E:\Windows\DvInesKurusOleServer003.INI
[2010/06/05 04:50:17 | 000,000,113 | ---- | C] () -- E:\Windows\dvinesinstalllocation001.INI
[2010/06/05 04:50:10 | 000,000,113 | ---- | C] () -- E:\Windows\dvinesinstart001.INI
[2010/06/05 04:47:05 | 000,000,021 | ---- | C] () -- E:\Windows\Startup.INI
[2010/01/26 10:02:57 | 000,000,000 | ---- | C] () -- E:\Users\lo54ytk54\AppData\Roaming\wklnhst.dat
[2010/01/26 09:40:18 | 001,766,680 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/10 13:20:56 | 000,000,056 | -H-- | C] () -- E:\ProgramData\ezsidmv.dat
[2010/01/10 12:39:57 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2009/11/17 12:52:46 | 000,001,018 | ---- | C] () -- E:\Windows\SysWow64\atipblup.dat
[2009/11/17 12:30:43 | 000,626,688 | ---- | C] () -- E:\Windows\Image.dll
[2009/11/17 12:30:43 | 000,200,704 | ---- | C] () -- E:\Windows\PLFSetI.exe
[2009/11/17 12:30:43 | 000,020,480 | ---- | C] () -- E:\Windows\USB_VIDEO_REG.exe
[2009/11/17 12:30:43 | 000,000,323 | ---- | C] () -- E:\Windows\PidList.ini
[2009/10/19 22:26:37 | 000,134,592 | ---- | C] () -- E:\Windows\SysWow64\igfcg500.bin
[2009/09/17 08:07:34 | 000,038,496 | ---- | C] () -- E:\Windows\SysWow64\JNILibrary.dll
[2009/09/17 08:07:26 | 000,112,224 | ---- | C] () -- E:\Windows\SysWow64\INetCert.dll
[2009/09/02 12:52:46 | 000,982,220 | ---- | C] () -- E:\Windows\SysWow64\igkrng500.bin
[2009/09/02 12:52:46 | 000,439,300 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng500.bin
[2009/09/02 12:52:46 | 000,092,216 | ---- | C] () -- E:\Windows\SysWow64\igfcg500m.bin
[2009/07/23 10:49:06 | 000,782,336 | ---- | C] () -- E:\Windows\SysWow64\lxdndrs.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2009/05/14 04:46:42 | 000,081,920 | ---- | C] () -- E:\Windows\SysWow64\lxdncaps.dll
[2008/06/23 07:02:02 | 000,097,410 | R--- | C] () -- E:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 11:48:50 | 000,020,270 | ---- | C] () -- E:\ProgramData\DeviceInstaller.xml
[2007/10/02 05:51:10 | 000,069,632 | ---- | C] () -- E:\Windows\SysWow64\lxdncnv4.dll
[1999/01/19 09:18:30 | 000,110,080 | ---- | C] () -- E:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 09:18:30 | 000,046,080 | ---- | C] () -- E:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 09:18:30 | 000,043,008 | ---- | C] () -- E:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 09:18:30 | 000,020,480 | ---- | C] () -- E:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 09:18:30 | 000,019,968 | ---- | C] () -- E:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 09:18:30 | 000,019,456 | ---- | C] () -- E:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 09:18:30 | 000,019,456 | ---- | C] () -- E:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 09:18:28 | 000,176,128 | ---- | C] () -- E:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 09:18:28 | 000,141,824 | ---- | C] () -- E:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 09:18:28 | 000,023,552 | ---- | C] () -- E:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 09:18:28 | 000,022,528 | ---- | C] () -- E:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 09:18:28 | 000,022,528 | ---- | C] () -- E:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 09:18:28 | 000,022,016 | ---- | C] () -- E:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 09:18:28 | 000,018,432 | ---- | C] () -- E:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 09:18:28 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\LFMAC60N.DLL
[1995/02/14 18:11:00 | 000,017,920 | ---- | C] () -- E:\Windows\SysWow64\IMPLODE.DLL
 
========== LOP Check ==========
 
[2009/10/16 18:28:10 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2012/10/06 20:04:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ad-Aware Browsing Protection
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/01/04 13:42:27 | 000,000,000 | ---D | M] -- E:\ProgramData\backup
[2009/10/16 18:38:35 | 000,000,000 | ---D | M] -- E:\ProgramData\BackupManager
[2010/01/26 09:48:04 | 000,000,000 | ---D | M] -- E:\ProgramData\BVRP Software
[2012/07/14 17:55:36 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2011/12/29 10:28:57 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2010/08/23 10:48:23 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Core
[2009/10/16 18:41:07 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec
[2010/12/28 12:51:27 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2009/10/16 18:39:02 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2012/01/04 13:42:21 | 000,000,000 | ---D | M] -- E:\ProgramData\explauncher
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/01/10 15:06:45 | 000,000,000 | ---D | M] -- E:\ProgramData\Friends Games
[2012/09/25 01:14:32 | 000,000,000 | ---D | M] -- E:\ProgramData\GFI Software
[2011/07/15 03:42:44 | 000,000,000 | ---D | M] -- E:\ProgramData\Gibraltar
[2010/10/11 09:52:22 | 000,000,000 | ---D | M] -- E:\ProgramData\ICQ
[2012/01/04 13:42:20 | 000,000,000 | ---D | M] -- E:\ProgramData\launcher
[2010/05/01 11:27:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Lexmark 2600 Series
[2011/08/04 11:05:37 | 000,000,000 | ---D | M] -- E:\ProgramData\lx_cats
[2009/11/17 15:47:18 | 000,000,000 | ---D | M] -- E:\ProgramData\McQcModifier-5c47-a7b0
[2012/10/14 15:36:49 | 000,000,000 | ---D | M] -- E:\ProgramData\MFAData
[2012/10/06 07:46:05 | 000,000,000 | ---D | M] -- E:\ProgramData\nylpmmrsdmdeuhu
[2009/11/17 15:37:33 | 000,000,000 | ---D | M] -- E:\ProgramData\OEM
[2010/01/10 16:29:50 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2010/03/04 14:49:40 | 000,000,000 | ---D | M] -- E:\ProgramData\PlayFirst
[2010/02/01 17:54:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Sandlot Games
[2010/06/05 05:06:24 | 000,000,000 | ---D | M] -- E:\ProgramData\SkyCom
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/06/24 13:46:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Swiss Academic Software
[2010/11/09 16:02:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Sync App Settings
[2012/10/19 15:17:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/07/14 17:56:23 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUp Software
[2012/03/20 02:20:50 | 000,000,000 | ---D | M] -- E:\ProgramData\visTABLE
[2010/05/06 11:58:13 | 000,000,000 | ---D | M] -- E:\ProgramData\Vodafone
[2009/11/17 15:35:39 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2011/12/27 17:15:43 | 000,000,000 | -HSD | M] -- E:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/07/14 17:55:36 | 000,000,000 | -HSD | M] -- E:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/31 15:51:50 | 000,032,626 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2245 bytes -> E:\Users\lo54ytk54\Documents\Mail mit DAten.eml:OECustomProperty
@Alternate Data Stream - 153 bytes -> E:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> E:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> E:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 128 bytes -> E:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 127 bytes -> E:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 122 bytes -> E:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 110 bytes -> E:\ProgramData\Temp:C31F31E6
< End of report >
         

Alt 22.10.2012, 06:40   #12
Psychotic
/// Malwareteam
 

Do you use this computer for online banking, online shopping, or anything similar?
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


Alt 22.10.2012, 08:49   #13
tabularasa
 

Both.

Alt 22.10.2012, 09:18   #14
Psychotic
/// Malwareteam
 

You have had a Trojan on your system for some time that steals data about financial transactions.

Change all relevant passwords for such services immediately, from a different computer!

Also consider a reinstallation. If you are nevertheless interested in a cleanup, let me know!

Alt 22.10.2012, 10:18   #15
tabularasa
 

Uh-oh, that is not good news.

Provided you do not consider a cleanup completely absurd and impossible, I would opt for it and would be glad of your help!
