
Log analysis and evaluation: Black desktop / GVU trojan


16.11.2013, 09:44   #1
glizi

Black desktop / GVU trojan

Hello,
I have a PC here that fell victim to the GVU trojan. I was already able to remove the actual trojan with help from the forum and the HirenBoot CD. However, when starting the PC I now always get a black login screen. The GVU trojan no longer appears. Access to the desktop is not possible. The same applies to Safe Mode. I have already run Farbar's Recovery Scan Tool and OTLpe (logs below).

By the way, it is Windows 7 x64.

I ask for your help. Many thanks in advance.

FRST.txt
Code:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-IQADGNP on 16-11-2013 05:27:49
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [OrderReminder] - C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2004-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-06-19] (ArcSoft Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-12] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-12] ()
S2 bgsvcgen; "C:\Windows\SysWOW64\bgsvcgen.exe" [x]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [x]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [x]
S2 NMSAccessU; C:\Program Files (x86)\Common Files\NMSAccessU.exe [x]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
S3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; No ImagePath
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 314C17917AC8523EC77A710215012A65
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atipmdag.sys D3E6B2E1394D93FE9DB0BA24814B0D8F
C:\Windows\System32\DRIVERS\atikmpag.sys CC4D915D786D3DA973B2EA9B95D59A29
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AtiPcie.sys C07A040D6B5A42DD41EE386CF90974C8
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 2D659B569A76CDB83B815675A80D7096
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 0975BF32399A24117E317B5BF1D5D0AA
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 235362D403D9D677514649D88DB31914
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 37E053A2CF8F0082B689ED74106E0CEC
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys BC0018C2D29F655188A0ED3FA94FDB24
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\drivers\RtHDMIVX.sys D6D381B76056C668679723938F06F16C
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUSB.SYS FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 06:21 - 2013-11-16 06:21 - 00000049 _____ C:\Users\Fiete\AppData\Roaming\.directory
2013-11-16 05:49 - 2013-11-16 05:49 - 00000000 _____ C:\Recovery.txt
2013-11-16 04:06 - 2013-11-16 04:06 - 00000000 ____D C:\_OTL
2013-11-16 03:50 - 2013-11-16 05:13 - 00025632 _____ C:\Extras.Txt
2013-11-16 03:50 - 2013-11-16 05:12 - 00125638 _____ C:\OTL.Txt
2013-11-15 23:39 - 2013-11-15 23:39 - 00000000 ____D C:\FRST
2013-11-15 20:25 - 2013-11-15 20:25 - 00000051 _____ C:\.directory
2013-11-15 19:41 - 2013-11-15 19:41 - 00000050 _____ C:\Users\Fiete\AppData\Local\.directory
2013-11-14 20:09 - 2013-11-14 20:09 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-11-11 09:46 - 2013-11-11 09:46 - 103681534 _____ C:\Windows\SysWOW64\꒗掬Ḭ”
2013-11-08 21:09 - 2013-11-08 21:09 - 00000000 ____D C:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
2013-11-04 21:15 - 2013-11-04 21:15 - 00000000 ____D C:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
2013-11-02 21:04 - 2013-11-02 21:04 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
2013-11-01 21:33 - 2013-11-01 21:33 - 00000000 ____D C:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
2013-10-27 21:50 - 2013-11-03 18:31 - 00000000 ____D C:\Program Files (x86)\OnlineFotoservice
2013-10-27 20:57 - 2013-10-27 20:58 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
2013-10-24 21:54 - 2013-10-24 21:54 - 00000000 ____D C:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
2013-10-23 20:16 - 2013-10-23 20:16 - 00000000 ____D C:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
2013-10-22 19:32 - 2013-10-22 19:32 - 00000000 ____D C:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
2013-10-21 20:24 - 2013-10-21 20:24 - 00000000 ____D C:\Users\Fiete\Documents\Nero
2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 ____D C:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
2013-10-18 23:10 - 2013-10-18 23:10 - 00000000 ____D C:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}
2013-10-17 21:20 - 2013-10-17 21:21 - 00000000 ____D C:\Users\Fiete\AppData\Local\{765E9206-B200-4D1D-B330-E99AFC9AE151}

==================== One Month Modified Files and Folders =======

2013-11-16 06:21 - 2013-11-16 06:21 - 00000049 _____ C:\Users\Fiete\AppData\Roaming\.directory
2013-11-16 05:49 - 2013-11-16 05:49 - 00000000 _____ C:\Recovery.txt
2013-11-16 05:49 - 2010-12-11 21:15 - 00000000 __SHD C:\Recovery
2013-11-16 05:13 - 2013-11-16 03:50 - 00025632 _____ C:\Extras.Txt
2013-11-16 05:12 - 2013-11-16 03:50 - 00125638 _____ C:\OTL.Txt
2013-11-16 04:06 - 2013-11-16 04:06 - 00000000 ____D C:\_OTL
2013-11-16 03:43 - 2010-12-11 21:16 - 00000000 ____D C:\users\Fiete
2013-11-15 23:52 - 2009-07-14 03:34 - 30932992 _____ C:\Windows\System32\config\system.bak
2013-11-15 23:40 - 2009-07-14 03:34 - 81002496 _____ C:\Windows\System32\config\software.bak
2013-11-15 23:39 - 2013-11-15 23:39 - 00000000 ____D C:\FRST
2013-11-15 23:39 - 2009-07-14 05:45 - 00377608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-15 20:25 - 2013-11-15 20:25 - 00000051 _____ C:\.directory
2013-11-15 19:58 - 2011-10-20 20:33 - 00000000 ____D C:\ProgramData\tmp
2013-11-15 19:41 - 2013-11-15 19:41 - 00000050 _____ C:\Users\Fiete\AppData\Local\.directory
2013-11-14 20:09 - 2013-11-14 20:09 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-11-14 20:09 - 2013-09-26 22:57 - 00006104 _____ C:\Windows\setupact.log
2013-11-14 20:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 01:39 - 2010-09-07 08:01 - 01142879 _____ C:\Windows\WindowsUpdate.log
2013-11-13 01:10 - 2012-04-08 09:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 21:51 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 21:51 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 18:30 - 2010-09-07 17:52 - 00657666 _____ C:\Windows\System32\perfh007.dat
2013-11-12 18:30 - 2010-09-07 17:52 - 00131024 _____ C:\Windows\System32\perfc007.dat
2013-11-12 18:30 - 2009-07-14 06:13 - 01507104 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-11 10:23 - 2010-12-20 19:04 - 00000047 _____ C:\Windows\Ulead32.INI
2013-11-11 09:46 - 2013-11-11 09:46 - 103681534 _____ C:\Windows\SysWOW64\꒗掬Ḭ”
2013-11-09 21:04 - 2012-05-06 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-08 21:09 - 2013-11-08 21:09 - 00000000 ____D C:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
2013-11-08 19:13 - 2013-02-07 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-04 21:15 - 2013-11-04 21:15 - 00000000 ____D C:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
2013-11-03 18:48 - 2011-05-07 17:34 - 00000000 ____D C:\Users\Fiete\Documents\Steuerfälle
2013-11-03 18:46 - 2011-02-05 11:47 - 00000000 ____D C:\Users\Fiete\AppData\Local\MediaMonkey
2013-11-03 18:45 - 2010-07-14 11:35 - 00000000 ____D C:\Program Files (x86)\NTI
2013-11-03 18:45 - 2010-07-14 11:34 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2013-11-03 18:45 - 2010-07-14 11:34 - 00001024 ___RH C:\ProgramData\Documents\NTIMMV9Acer.dll
2013-11-03 18:31 - 2013-10-27 21:50 - 00000000 ____D C:\Program Files (x86)\OnlineFotoservice
2013-11-02 22:28 - 2012-02-27 00:43 - 00000000 ____D C:\Users\Fiete\Documents\Ahnenblatt
2013-11-02 22:02 - 2012-02-27 00:43 - 00000000 ____D C:\Users\Fiete\AppData\Roaming\Ahnenblatt
2013-11-02 21:04 - 2013-11-02 21:04 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
2013-11-01 21:33 - 2013-11-01 21:33 - 00000000 ____D C:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
2013-10-31 00:28 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-29 22:42 - 2011-11-01 20:35 - 00001134 _____ C:\Users\Public\Desktop\dm-Fotowelt.lnk
2013-10-29 22:42 - 2011-11-01 20:35 - 00001134 _____ C:\ProgramData\Desktop\dm-Fotowelt.lnk
2013-10-27 21:55 - 2011-10-20 20:23 - 00000000 ____D C:\Program Files (x86)\CEWE COLOR
2013-10-27 20:58 - 2013-10-27 20:57 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
2013-10-24 21:54 - 2013-10-24 21:54 - 00000000 ____D C:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
2013-10-23 20:16 - 2013-10-23 20:16 - 00000000 ____D C:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
2013-10-23 20:05 - 2009-07-14 03:34 - 00000675 _____ C:\Windows\win.ini
2013-10-22 19:32 - 2013-10-22 19:32 - 00000000 ____D C:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
2013-10-21 20:24 - 2013-10-21 20:24 - 00000000 ____D C:\Users\Fiete\Documents\Nero
2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 ____D C:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
2013-10-18 23:10 - 2013-10-18 23:10 - 00000000 ____D C:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}
2013-10-17 21:21 - 2013-10-17 21:20 - 00000000 ____D C:\Users\Fiete\AppData\Local\{765E9206-B200-4D1D-B330-E99AFC9AE151}

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {8b6961fc-ba9e-11df-af15-803865a88766}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {8b6961fe-ba9e-11df-af15-803865a88766}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8b6961fc-ba9e-11df-af15-803865a88766}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {8b6961fe-ba9e-11df-af15-803865a88766}
device                  ramdisk=[C:]\Recovery\8b6961fe-ba9e-11df-af15-803865a88766\Winre.wim,{8b6961ff-ba9e-11df-af15-803865a88766}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8b6961fe-ba9e-11df-af15-803865a88766\Winre.wim,{8b6961ff-ba9e-11df-af15-803865a88766}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8b6961fc-ba9e-11df-af15-803865a88766}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {8b6961ff-ba9e-11df-af15-803865a88766}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8b6961fe-ba9e-11df-af15-803865a88766\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3226.84 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3213.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:28.14 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.36 GB) NTFS
Drive f: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive g: (BSIX) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DE857073)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 0023BC70)
Partition 1: (Active) - (Size=961 MB) - (Type=06)


LastRegBack: 2011-06-14 08:46

==================== End Of Log ============================
         
OTL.txt
Code:
OTL logfile created on: 11/15/2013 11:08:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 960.72 Mb Total Space | 956.39 Mb Free Space | 99.55% Space Free | Partition Type: FAT
Drive F: | 283.99 Gb Total Space | 28.85 Gb Free Space | 10.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 07:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/20 18:34:40 | 000,202,752 | ---- | M] (AMD) [Auto] -- F:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- F:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/11/08 13:13:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 12:10:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 13:41:47 | 000,622,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/08/20 03:20:44 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/20 03:20:13 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/08/20 03:20:01 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/29 08:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto] -- F:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/03/21 07:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand] -- F:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/14 05:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- F:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 08:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- F:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- F:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- F:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 10:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- F:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- F:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- F:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/10/11 22:47:06 | 000,098,304 | ---- | M] () [Auto] -- F:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/11 21:40:38 | 000,118,784 | ---- | M] () [Auto] -- F:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/05 13:41:48 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/20 03:20:52 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/08/08 11:42:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- F:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/01/10 05:12:26 | 000,222,464 | ---- | M] (Dexetek ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\DxVGrb.sys -- (DxVGrb)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/06/17 04:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/03 14:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/14 16:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/04/20 20:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/20 17:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/26 22:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 04:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- F:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- F:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Fiete_ON_F\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKU\Fiete_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100715l0424z145v4742108q
IE - HKU\Fiete_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Fiete_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Fiete_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfus205
IE - HKU\Fiete_ON_F\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\Fiete_ON_F\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - Reg Error: Key error. File not found
IE - HKU\Fiete_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Fiete_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde205&q="
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde205"
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde205&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 09:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 08:27:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
[2011/01/14 05:21:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Extensions
[2011/01/14 05:21:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/10/14 14:30:36 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions
[2013/09/22 14:42:43 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013/09/22 14:42:41 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012/01/09 12:31:25 | 000,000,000 | ---D | M] (Babylon) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\ffxtlbr@babylon.com
[2013/02/08 15:36:50 | 000,000,000 | ---D | M] (Delta Toolbar) -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\ffxtlbr@delta.com
[2011/02/08 03:49:04 | 000,000,915 | ---- | M] () -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\conduit.xml
[2013/02/08 15:36:51 | 000,001,294 | ---- | M] () -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\delta.xml
[2013/02/08 18:28:36 | 000,006,874 | ---- | M] () -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\fbdownloader_search.xml
[2013/02/20 03:04:16 | 000,002,384 | ---- | M] () -- F:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\search.xml
[2013/05/22 15:15:51 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/07/02 02:42:53 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/08 13:13:31 | 000,000,000 | ---D | M] (Default) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/02 02:42:46 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/07/02 02:42:46 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- F:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- 
() (No name found) -- F:\USERS\FIETE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NM34ZS2N.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2013/09/03 08:53:52 | 000,187,248 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2013/02/08 15:36:43 | 000,006,484 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - F:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - F:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Fiete_ON_F\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Fiete_ON_F\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Fiete_ON_F\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKU\Fiete_ON_F\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] F:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] F:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] F:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] F:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] F:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] F:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBAgent] F:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OrderReminder] F:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickTime Task] F:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] F:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Fiete_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - F:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - F:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - F:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - F:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - F:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - F:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - F:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - F:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - F:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - F:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - F:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - F:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - F:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - F:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - F:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - F:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - F:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - F:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - F:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - F:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - F:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - F:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - F:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - F:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - F:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6b2995c5-0baa-11e0-906b-88ae1d813a19}\Shell - "" = AutoRun
O33 - MountPoints2\{6b2995c5-0baa-11e0-906b-88ae1d813a19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{81188436-c83b-11e0-9f35-88ae1d813a19}\Shell - "" = AutoRun
O33 - MountPoints2\{81188436-c83b-11e0-9f35-88ae1d813a19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/15 22:06:03 | 000,000,000 | ---D | C] -- F:\_OTL
[2013/11/08 15:09:36 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
[2013/11/04 15:15:29 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
[2013/11/02 15:04:27 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
[2013/11/01 15:33:21 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
[2013/10/27 15:50:23 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\OnlineFotoservice
[2013/10/27 14:57:54 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
[2013/10/24 15:54:27 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
[2013/10/23 14:16:38 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
[2013/10/22 13:32:08 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
[2013/10/21 14:24:58 | 000,000,000 | ---D | C] -- F:\Users\Fiete\Documents\Nero
[2013/10/19 15:01:21 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
[2013/10/18 17:10:21 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}
[2013/10/17 15:20:59 | 000,000,000 | ---D | C] -- F:\Users\Fiete\AppData\Local\{765E9206-B200-4D1D-B330-E99AFC9AE151}
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/15 16:45:32 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/11/15 16:45:17 | 3015,884,800 | -HS- | M] () -- F:\hiberfil.sys
[2013/11/15 14:25:53 | 000,000,051 | ---- | M] () -- F:\.directory
[2013/11/15 13:41:27 | 000,000,050 | ---- | M] () -- F:\Users\Fiete\AppData\Local\.directory
[2013/11/14 14:09:09 | 000,000,006 | -H-- | M] () -- F:\Windows\tasks\SA.DAT
[2013/11/12 19:35:59 | 009,880,457 | -H-- | M] () -- F:\Users\Fiete\AppData\Local\IconCache.db
[2013/11/12 19:10:03 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 15:51:09 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 15:51:09 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 12:30:03 | 001,507,104 | ---- | M] () -- F:\Windows\System32\PerfStringBackup.INI
[2013/11/12 12:30:03 | 000,657,666 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/11/12 12:30:03 | 000,618,912 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/11/12 12:30:03 | 000,131,024 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/11/12 12:30:03 | 000,107,232 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/11/11 04:23:28 | 000,000,047 | ---- | M] () -- F:\Windows\Ulead32.INI
[2013/11/08 13:13:46 | 000,002,052 | ---- | M] () -- F:\Users\Fiete\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/03 12:45:55 | 000,001,024 | RH-- | M] () -- F:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/10/29 16:42:06 | 000,001,134 | ---- | M] () -- F:\Users\Public\Desktop\dm-Fotowelt.lnk
[2013/10/23 14:05:10 | 000,000,675 | ---- | M] () -- F:\Windows\win.ini
 
========== Files Created - No Company Name ==========
 
[2013/11/15 14:25:53 | 000,000,051 | ---- | C] () -- F:\.directory
[2013/11/15 13:41:27 | 000,000,050 | ---- | C] () -- F:\Users\Fiete\AppData\Local\.directory
[2013/10/10 11:04:32 | 002,220,368 | ---- | C] () -- F:\Users\Fiete\AppData\Local\omesuperv.exe
[2013/02/11 16:51:30 | 000,007,832 | ---- | C] () -- F:\Windows\CDPlayer.ini
[2012/12/13 16:29:31 | 000,000,024 | ---- | C] () -- F:\Windows\SysWow64\LOGL2DI_COINST.DAT
[2012/12/02 11:14:34 | 000,000,032 | ---- | C] () -- F:\Windows\CD_Start.INI
[2012/08/24 13:25:39 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2012/08/24 12:19:34 | 000,000,032 | ---- | C] () -- F:\Windows\Menu.INI
[2012/01/23 16:24:18 | 000,000,040 | ---- | C] () -- F:\Windows\iltwain.ini
[2011/10/20 10:37:08 | 000,004,096 | -H-- | C] () -- F:\Users\Fiete\AppData\Local\keyfile3.drm
[2011/08/06 15:32:17 | 000,000,046 | ---- | C] () -- F:\Windows\Speed.INI
[2011/06/15 14:42:35 | 000,000,069 | ---- | C] () -- F:\Windows\NeroDigital.ini
[2011/06/04 18:22:15 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/08 15:33:11 | 000,000,000 | ---- | C] () -- F:\Windows\PhEdit.INI
[2011/03/04 14:41:08 | 000,111,932 | ---- | C] () -- F:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/04 14:41:08 | 000,031,053 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/04 14:41:08 | 000,027,417 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/04 14:41:08 | 000,026,154 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/04 14:41:08 | 000,024,903 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/04 14:41:08 | 000,021,390 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/04 14:41:08 | 000,020,148 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/04 14:41:08 | 000,011,811 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/04 14:41:08 | 000,004,943 | ---- | C] () -- F:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/04 14:41:08 | 000,001,146 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/03/04 14:41:08 | 000,001,139 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/04 14:41:08 | 000,001,139 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/04 14:41:08 | 000,001,136 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/04 14:41:08 | 000,001,129 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/04 14:41:08 | 000,001,129 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/04 14:41:08 | 000,001,120 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/03/04 14:41:08 | 000,001,107 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/03/04 14:41:08 | 000,001,104 | ---- | C] () -- F:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/04 14:41:08 | 000,000,097 | ---- | C] () -- F:\Windows\SysWow64\PICSDK.ini
[2011/02/07 16:40:27 | 000,000,046 | ---- | C] () -- F:\Windows\mxcdr.INI
[2011/01/27 06:55:11 | 000,000,052 | ---- | C] () -- F:\Windows\Relax.ini
[2011/01/26 16:13:27 | 000,000,016 | -H-- | C] () -- F:\Users\Fiete\AppData\Local\mxfilerelatedcache.mxc2
[2011/01/08 10:34:46 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2011/01/08 10:07:12 | 000,000,209 | ---- | C] () -- F:\Windows\ODBCINST.INI
[2010/12/20 13:22:23 | 000,000,600 | ---- | C] () -- F:\Users\Fiete\AppData\Roaming\winscp.rnd
[2010/12/20 13:04:31 | 000,000,047 | ---- | C] () -- F:\Windows\Ulead32.INI
[2010/12/20 13:03:48 | 000,007,680 | ---- | C] () -- F:\Windows\SysWow64\drivers\Onsreged.sys
[2010/12/20 13:03:47 | 000,285,216 | ---- | C] () -- F:\Windows\SysWow64\drivers\Onsio.sys
[2010/12/20 12:44:13 | 000,000,600 | ---- | C] () -- F:\Users\Fiete\AppData\Local\PUTTY.RND
[2010/12/20 12:44:06 | 000,000,319 | ---- | C] () -- F:\Windows\homeDVD-Filme4.INI
[2010/12/20 12:41:31 | 000,019,968 | ---- | C] () -- F:\Windows\SysWow64\cpuinf32.dll
[2010/12/20 12:36:17 | 000,000,088 | ---- | C] () -- F:\Windows\magix.ini
[2010/12/20 12:35:37 | 000,001,208 | ---- | C] () -- F:\Windows\mgxoschk.ini
[2010/12/16 13:48:48 | 001,535,546 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/11 16:28:22 | 000,106,496 | R--- | C] () -- F:\Windows\SysWow64\vshp1020.dll
[2010/12/11 16:28:21 | 000,397,312 | R--- | C] () -- F:\Windows\SysWow64\zshp1020.exe
[2010/12/11 16:20:38 | 009,880,457 | -H-- | C] () -- F:\Users\Fiete\AppData\Local\IconCache.db
[2010/12/11 15:31:08 | 000,022,528 | ---- | C] () -- F:\Users\Fiete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 15:16:49 | 000,144,312 | ---- | C] () -- F:\Users\Fiete\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/08 04:46:42 | 004,497,993 | ---- | C] () -- F:\Windows\SysWow64\libavcodec.dll
[2010/09/08 04:46:42 | 001,529,856 | ---- | C] () -- F:\Windows\SysWow64\ff_samplerate.dll
[2010/09/08 04:46:42 | 001,212,665 | ---- | C] () -- F:\Windows\SysWow64\ffmpegmt.dll
[2010/09/08 04:46:42 | 000,903,723 | ---- | C] () -- F:\Windows\SysWow64\ff_x264.dll
[2010/09/08 04:46:42 | 000,880,220 | ---- | C] () -- F:\Windows\SysWow64\xvidcore.dll
[2010/09/08 04:46:42 | 000,336,384 | ---- | C] () -- F:\Windows\SysWow64\ff_libfaad2.dll
[2010/09/08 04:46:42 | 000,324,096 | ---- | C] () -- F:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/09/08 04:46:42 | 000,248,320 | ---- | C] () -- F:\Windows\SysWow64\ff_kernelDeint.dll
[2010/09/08 04:46:42 | 000,216,576 | ---- | C] () -- F:\Windows\SysWow64\ff_libdts.dll
[2010/09/08 04:46:42 | 000,151,552 | ---- | C] () -- F:\Windows\SysWow64\ff_libmad.dll
[2010/09/08 04:46:42 | 000,145,408 | ---- | C] () -- F:\Windows\SysWow64\libmpeg2_ff.dll
[2010/09/08 04:46:42 | 000,142,291 | ---- | C] () -- F:\Windows\SysWow64\libmplayer.dll
[2010/09/08 04:46:42 | 000,121,856 | ---- | C] () -- F:\Windows\SysWow64\ff_liba52.dll
[2010/09/08 04:46:42 | 000,116,736 | ---- | C] () -- F:\Windows\SysWow64\ff_tremor.dll
[2010/09/08 04:46:42 | 000,097,792 | ---- | C] () -- F:\Windows\SysWow64\ff_unrar.dll
[2010/09/08 03:45:00 | 000,100,864 | ---- | C] () -- F:\Windows\SysWow64\ff_wmv9.dll
[2010/09/08 03:09:46 | 000,108,032 | ---- | C] () -- F:\Windows\SysWow64\ff_vfw.dll
[2010/09/07 02:07:09 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2010/08/14 03:45:18 | 000,249,856 | ---- | C] () -- F:\Windows\SysWow64\dxr.dll
[2010/08/14 03:45:10 | 000,358,400 | ---- | C] () -- F:\Windows\SysWow64\gdsmux.exe
[2010/08/14 03:43:52 | 000,150,528 | ---- | C] () -- F:\Windows\SysWow64\mkx.dll
[2010/08/14 03:43:42 | 000,109,568 | ---- | C] () -- F:\Windows\SysWow64\avi.dll
[2010/08/14 03:43:34 | 000,141,824 | ---- | C] () -- F:\Windows\SysWow64\mp4.dll
[2010/08/14 03:43:22 | 000,123,392 | ---- | C] () -- F:\Windows\SysWow64\ogm.dll
[2010/08/14 03:42:54 | 000,113,152 | ---- | C] () -- F:\Windows\SysWow64\dsmux.exe
[2010/08/14 03:42:48 | 000,154,112 | ---- | C] () -- F:\Windows\SysWow64\ts.dll
[2010/08/14 03:42:10 | 000,097,792 | ---- | C] () -- F:\Windows\SysWow64\avs.dll
[2010/08/14 03:42:06 | 000,137,728 | ---- | C] () -- F:\Windows\SysWow64\mkv2vfr.exe
[2010/08/14 03:41:54 | 000,093,184 | ---- | C] () -- F:\Windows\SysWow64\avss.dll
[2010/08/14 03:40:02 | 000,080,384 | ---- | C] () -- F:\Windows\SysWow64\mkzlib.dll
[2010/08/14 03:39:58 | 000,024,576 | ---- | C] () -- F:\Windows\SysWow64\mkunicode.dll
[2010/08/04 22:36:18 | 000,002,093 | ---- | C] () -- F:\Windows\SysWow64\atipblag.dat
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- F:\Windows\SysWow64\ac3config.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/14 00:32:39 | 000,043,318 | ---- | C] () -- F:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 00:32:39 | 000,029,779 | ---- | C] () -- F:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,489 | ---- | C] () -- F:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,040 | ---- | C] () -- F:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:35:42 | 000,001,405 | ---- | C] () -- F:\Windows\msdfmap.ini
[2009/07/13 21:34:57 | 000,000,675 | ---- | C] () -- F:\Windows\win.ini
[2009/07/13 21:34:57 | 000,000,219 | ---- | C] () -- F:\Windows\system.ini
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- F:\Windows\SysWow64\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- F:\Windows\SysWow64\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- F:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- F:\Windows\SysWow64\Registration.ini
[2007/04/27 02:43:58 | 000,120,200 | ---- | C] () -- F:\Windows\SysWow64\DLLDEV32i.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- F:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011/05/07 11:31:19 | 000,000,000 | ---D | M] -- F:\ProgramData\AAV
[2010/07/14 05:29:22 | 000,000,000 | ---D | M] -- F:\ProgramData\Acer
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2013/02/08 15:36:36 | 000,000,000 | ---D | M] -- F:\ProgramData\Babylon
[2010/07/14 05:38:44 | 000,000,000 | ---D | M] -- F:\ProgramData\BackupManager
[2011/06/11 10:40:52 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2012/12/13 11:03:24 | 000,000,000 | ---D | M] -- F:\ProgramData\CLSK
[2012/12/14 15:19:00 | 000,000,000 | ---D | M] -- F:\ProgramData\Conexant
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/07/14 05:45:27 | 000,000,000 | ---D | M] -- F:\ProgramData\EgisTec IPS
[2010/07/14 05:18:39 | 000,000,000 | ---D | M] -- F:\ProgramData\eSobi
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2012/12/11 13:21:23 | 000,000,000 | ---D | M] -- F:\ProgramData\Installations
[2012/12/13 11:11:28 | 000,000,000 | ---D | M] -- F:\ProgramData\install_clap
[2011/12/08 16:31:44 | 000,000,000 | ---D | M] -- F:\ProgramData\MAGIX
[2011/02/09 04:59:04 | 000,000,000 | ---D | M] -- F:\ProgramData\NCH Swift Sound
[2012/12/12 13:32:22 | 000,000,000 | ---D | M] -- F:\ProgramData\NokiaMusic
[2010/07/14 05:24:51 | 000,000,000 | ---D | M] -- F:\ProgramData\OberonGameConsole
[2010/12/11 15:18:16 | 000,000,000 | ---D | M] -- F:\ProgramData\oem
[2011/03/04 14:51:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Panasonic
[2011/01/02 14:36:50 | 000,000,000 | ---D | M] -- F:\ProgramData\Partner
[2012/02/12 14:24:49 | 000,000,000 | ---D | M] -- F:\ProgramData\PC Suite
[2012/12/13 15:50:48 | 000,000,000 | ---D | M] -- F:\ProgramData\SmartSound Software Inc
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2013/11/15 22:09:19 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2013/11/15 13:58:26 | 000,000,000 | ---D | M] -- F:\ProgramData\tmp
[2012/12/14 15:21:26 | 000,000,000 | ---D | M] -- F:\ProgramData\Ulead Systems
[2010/12/16 16:04:09 | 000,000,000 | ---D | M] -- F:\ProgramData\VirtualizedApplications
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2013/10/30 18:28:42 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/11 03:46:39 | 103,681,534 | ---- | M] ()(F:\Windows\SysWow64\????) -- F:\Windows\SysWow64\꒗掬Ḭ”
[2013/11/11 03:46:39 | 103,681,534 | ---- | C] ()(F:\Windows\SysWow64\????) -- F:\Windows\SysWow64\꒗掬Ḭ”
[2013/10/09 13:20:04 | 100,163,860 | ---- | M] ()(F:\Windows\SysWow64\????) -- F:\Windows\SysWow64\印⬨Ḭˆ
[2013/10/09 13:20:04 | 100,163,860 | ---- | C] ()(F:\Windows\SysWow64\????) -- F:\Windows\SysWow64\印⬨Ḭˆ
[2013/09/23 07:46:43 | 098,646,441 | ---- | M] ()(F:\Windows\SysWow64\???) -- F:\Windows\SysWow64\⻾쒱Ḭ
[2013/09/23 07:46:43 | 098,646,441 | ---- | C] ()(F:\Windows\SysWow64\???) -- F:\Windows\SysWow64\⻾쒱Ḭ
[2013/09/12 15:22:02 | 097,373,152 | ---- | M] ()(F:\Windows\SysWow64\???¡) -- F:\Windows\SysWow64\笣죢Ḭ¡
[2013/09/12 11:48:52 | 097,373,152 | ---- | C] ()(F:\Windows\SysWow64\???¡) -- F:\Windows\SysWow64\笣죢Ḭ¡
[2013/08/21 13:31:15 | 099,712,133 | ---- | M] ()(F:\Windows\SysWow64\???) -- F:\Windows\SysWow64\코蝤Ḭ
[2013/08/21 12:48:46 | 099,712,133 | ---- | C] ()(F:\Windows\SysWow64\???) -- F:\Windows\SysWow64\코蝤Ḭ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> F:\ProgramData\Temp:DAF232F8
< End of report >
         

Old 16.11.2013, 11:25   #2
schrauber
/// the machine
/// TB trainer

Hi,

A classic example of why to keep your hands off automated scanners on a boot CD. The machine doesn't boot cleanly, but the malware entries in the log, which could have been addressed cleanly, are gone.

Do you have the Windows DVD at hand?
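schrauber's point above is that the log still showed the entries an analyst could have addressed one by one before the boot CD's scanner removed them. The following is an added example, not code from this thread, from OTL or from Trojaner-Board: a small Python triage pass over lines in OTL's format that flags what a log reader looks for first, namely a core service such as Winmgmt repointed away from System32, services running from ProgramData/AppData/Temp or with a non-executable extension, UAC policies switched off, large unsigned files with non-ASCII names under \Windows, and alternate data streams other than Zone.Identifier. The sample lines are constructed in OTL's line format, modelled on the logs posted in this thread; the risky-directory list, the core-service list, the policy table and the rule names are assumptions for illustration.

```python
"""Triage of OTL-format log lines: flag the entries a human analyst would address by hand.

Added example for this thread; not code from the thread, from OTL or from Trojaner-Board.
The sample lines are constructed in OTL's line format (modelled on the logs posted here);
the risky-directory list, the core-service list and the policy table are assumptions.
"""
import os
import re

# Constructed sample input in OTL's format (not a real scan).
SAMPLE_LOG = r"""
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/12 13:04:07 | 000,061,536 | ---- | M] (Microsoft Corporation) [Auto] -- E:\ProgramData\qzjrwvj6.pss -- (Winmgmt)
SRV - [2013/09/05 13:41:47 | 000,622,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
[2013/11/11 03:46:39 | 103,681,534 | ---- | M] ()(F:\Windows\SysWow64\????) -- F:\Windows\SysWow64\꒗掬Ḭ”
[2013/10/30 18:28:42 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 120 bytes -> F:\ProgramData\Temp:DAF232F8
"""

# OTL line shapes handled here (regexes written against the line layout used in OTL logs).
SRV_RE = re.compile(
    r"^SRV(?::64bit:)? - \[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
O6_RE = re.compile(r"^O6 - (?P<key>HKLM\\[^:]+): (?P<value>[^=]+?) = (?P<data>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)(?:\([^)]*\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Assumed heuristics (illustrative, not OTL's own rules).
RISKY_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\tmp\\", "\\users\\public\\")
EXEC_EXT = {".exe", ".dll", ".sys"}
CORE_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule"}  # expected under System32
WEAK_POLICY = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def _size(s):
    """OTL prints sizes as zero-padded, comma-grouped decimals."""
    return int(s.replace(",", ""))


def triage_line(line):
    """Return (rule, detail) when the line deserves analyst attention, else None."""
    m = SRV_RE.match(line)
    if m:
        name, path = m["name"], m["path"]
        low = path.lower()
        # A core Windows service whose image is not under System32 has been repointed.
        if name.lower() in CORE_SERVICES and "\\windows\\system32\\" not in low:
            return ("core-service-hijack", f"{name} -> {path}")
        # Services should not run from user-writable or temp locations, nor from odd extensions.
        if any(d in low for d in RISKY_DIRS) or os.path.splitext(low)[1] not in EXEC_EXT:
            return ("service-odd-image", f"{name} -> {path}")
        return None
    m = O6_RE.match(line)
    if m:
        if WEAK_POLICY.get(m["value"]) == m["data"]:
            return ("weak-uac-policy", f"{m['value']} = {m['data']}")
        return None
    m = FILE_RE.match(line)
    if m:
        path = m["path"]
        fname = path.rsplit("\\", 1)[-1]
        # Large, unsigned, non-ASCII-named files dropped into the Windows tree.
        if not fname.isascii() and not m["company"] and "\\windows\\" in path.lower():
            return ("unicode-named-file-in-windows", f"{path} ({_size(m['size'])} bytes)")
        return None
    m = ADS_RE.match(line)
    if m:
        stream = m["path"].rpartition(":")[2]
        # Zone.Identifier is the normal mark-of-the-web; any other stream is worth a look.
        if "\\" not in stream and stream != "Zone.Identifier":
            return ("alternate-data-stream", f"{m['path']} ({m['bytes']} bytes)")
    return None


def triage(log_text):
    """Run triage_line over every non-empty line and collect the hits in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hit = triage_line(line)
            if hit:
                hits.append(hit)
    return hits


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:32s} {detail}")
```

Running the block prints the five hits from the constructed sample. Lines that match none of the four shapes pass through silently, so the regexes need extending (O2/O3/O4 entries, URLSearchHooks, driver lines) before the pass is trusted on a full log; the point is that each hit names a concrete registry value or file an analyst can address, which is exactly what a blind scanner on a boot CD destroys.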

Old 16.11.2013, 11:28   #3
glizi

Yes, I have it.

I also still have the OTLpe log from before the cleanup.

OTL.txt before cleanup
OTL Logfile:
Code:
OTL logfile created on: 11/15/2013 9:45:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive E: | 283.99 Gb Total Space | 28.06 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 07:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/20 18:34:40 | 000,202,752 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/11/12 13:04:07 | 000,061,536 | ---- | M] (Microsoft Corporation) [Auto] -- E:\ProgramData\qzjrwvj6.pss -- (Winmgmt)
SRV - [2013/11/08 13:13:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 12:10:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 13:41:47 | 000,622,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/08/20 03:20:44 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/20 03:20:13 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/08/20 03:20:01 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/29 08:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto] -- E:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/03/21 07:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand] -- E:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/14 05:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 08:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- E:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- E:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 10:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- E:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- E:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/10/11 22:47:06 | 000,098,304 | ---- | M] () [Auto] -- E:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/11 21:40:38 | 000,118,784 | ---- | M] () [Auto] -- E:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/05 13:41:48 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/20 03:20:52 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/08/08 11:42:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/01/10 05:12:26 | 000,222,464 | ---- | M] (Dexetek ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\DxVGrb.sys -- (DxVGrb)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/06/17 04:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/03 14:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/14 16:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/04/20 20:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/20 17:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/26 22:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 04:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- E:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Fiete_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKU\Fiete_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100715l0424z145v4742108q
IE - HKU\Fiete_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Fiete_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Fiete_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfus205
IE - HKU\Fiete_ON_E\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\Fiete_ON_E\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - Reg Error: Key error. File not found
IE - HKU\Fiete_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Fiete_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde205&q="
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde205"
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde205&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 09:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 08:27:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
[2011/01/14 05:21:58 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Extensions
[2011/01/14 05:21:58 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/10/14 14:30:36 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions
[2013/09/22 14:42:43 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013/09/22 14:42:41 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012/01/09 12:31:25 | 000,000,000 | ---D | M] (Babylon) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\ffxtlbr@babylon.com
[2013/02/08 15:36:50 | 000,000,000 | ---D | M] (Delta Toolbar) -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\extensions\ffxtlbr@delta.com
[2011/02/08 03:49:04 | 000,000,915 | ---- | M] () -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\conduit.xml
[2013/02/08 15:36:51 | 000,001,294 | ---- | M] () -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\delta.xml
[2013/02/08 18:28:36 | 000,006,874 | ---- | M] () -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\fbdownloader_search.xml
[2013/02/20 03:04:16 | 000,002,384 | ---- | M] () -- E:\Users\Fiete\AppData\Roaming\Mozilla\Firefox\Profiles\nm34zs2n.default\searchplugins\search.xml
[2013/05/22 15:15:51 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/07/02 02:42:53 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/08 13:13:31 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/02 02:42:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/07/02 02:42:46 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- E:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- 
() (No name found) -- E:\USERS\FIETE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NM34ZS2N.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2013/09/03 08:53:52 | 000,187,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/02/05 05:43:08 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2013/02/08 15:36:43 | 000,006,484 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - E:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - E:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Fiete_ON_E\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Fiete_ON_E\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Fiete_ON_E\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKU\Fiete_ON_E\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] E:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] E:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] E:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] E:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] E:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] E:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] E:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBAgent] E:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OrderReminder] E:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] E:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Fiete_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - E:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - E:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - E:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - E:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - E:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6b2995c5-0baa-11e0-906b-88ae1d813a19}\Shell - "" = AutoRun
O33 - MountPoints2\{6b2995c5-0baa-11e0-906b-88ae1d813a19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{81188436-c83b-11e0-9f35-88ae1d813a19}\Shell - "" = AutoRun
O33 - MountPoints2\{81188436-c83b-11e0-9f35-88ae1d813a19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/12 13:04:07 | 000,061,536 | ---- | C] (Microsoft Corporation) -- E:\ProgramData\qzjrwvj6.pss
[2013/11/12 13:04:02 | 000,131,072 | ---- | C] (Microsoft Corporation) -- E:\ProgramData\6jvwrjzq.dss
[2013/11/08 15:09:36 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
[2013/11/04 15:15:29 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
[2013/11/02 15:04:27 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
[2013/11/01 15:33:21 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
[2013/10/27 15:50:23 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\OnlineFotoservice
[2013/10/27 14:57:54 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
[2013/10/24 15:54:27 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
[2013/10/23 14:16:38 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
[2013/10/22 13:32:08 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
[2013/10/21 14:24:58 | 000,000,000 | ---D | C] -- E:\Users\Fiete\Documents\Nero
[2013/10/19 15:01:21 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
[2013/10/18 17:10:21 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}
[2013/10/17 15:20:59 | 000,000,000 | ---D | C] -- E:\Users\Fiete\AppData\Local\{765E9206-B200-4D1D-B330-E99AFC9AE151}
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/15 14:58:36 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/11/15 14:58:17 | 3015,884,800 | -HS- | M] () -- E:\hiberfil.sys
[2013/11/15 14:25:53 | 000,000,051 | ---- | M] () -- E:\.directory
[2013/11/15 13:41:27 | 000,000,050 | ---- | M] () -- E:\Users\Fiete\AppData\Local\.directory
[2013/11/14 14:09:33 | 095,025,368 | ---- | M] () -- E:\ProgramData\qzjrwvj6.bxx
[2013/11/14 14:09:26 | 000,000,000 | ---- | M] () -- E:\ProgramData\qzjrwvj6.fvv
[2013/11/14 14:09:09 | 000,000,006 | -H-- | M] () -- E:\Windows\tasks\SA.DAT
[2013/11/12 19:35:59 | 009,880,457 | -H-- | M] () -- E:\Users\Fiete\AppData\Local\IconCache.db
[2013/11/12 19:10:03 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 15:51:09 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 15:51:09 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 13:04:44 | 000,000,285 | ---- | M] () -- E:\ProgramData\qzjrwvj6.reg
[2013/11/12 13:04:07 | 000,061,536 | ---- | M] (Microsoft Corporation) -- E:\ProgramData\qzjrwvj6.pss
[2013/11/12 13:04:02 | 000,131,072 | ---- | M] (Microsoft Corporation) -- E:\ProgramData\6jvwrjzq.dss
[2013/11/12 12:30:03 | 001,507,104 | ---- | M] () -- E:\Windows\System32\PerfStringBackup.INI
[2013/11/12 12:30:03 | 000,657,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/11/12 12:30:03 | 000,618,912 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/11/12 12:30:03 | 000,131,024 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/11/12 12:30:03 | 000,107,232 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/11/11 04:23:28 | 000,000,047 | ---- | M] () -- E:\Windows\Ulead32.INI
[2013/11/08 13:13:46 | 000,002,052 | ---- | M] () -- E:\Users\Fiete\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/03 12:45:55 | 000,001,024 | RH-- | M] () -- E:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/10/29 16:42:06 | 000,001,134 | ---- | M] () -- E:\Users\Public\Desktop\dm-Fotowelt.lnk
[2013/10/23 14:05:10 | 000,000,675 | ---- | M] () -- E:\Windows\win.ini
 
========== Files Created - No Company Name ==========
 
[2013/11/15 14:25:53 | 000,000,051 | ---- | C] () -- E:\.directory
[2013/11/15 13:41:27 | 000,000,050 | ---- | C] () -- E:\Users\Fiete\AppData\Local\.directory
[2013/11/12 13:04:44 | 000,000,285 | ---- | C] () -- E:\ProgramData\qzjrwvj6.reg
[2013/11/12 13:04:06 | 000,000,000 | ---- | C] () -- E:\ProgramData\qzjrwvj6.fvv
[2013/11/12 13:04:03 | 095,025,368 | ---- | C] () -- E:\ProgramData\qzjrwvj6.bxx
[2013/10/10 11:04:32 | 002,220,368 | ---- | C] () -- E:\Users\Fiete\AppData\Local\omesuperv.exe
[2013/02/11 16:51:30 | 000,007,832 | ---- | C] () -- E:\Windows\CDPlayer.ini
[2012/12/13 16:29:31 | 000,000,024 | ---- | C] () -- E:\Windows\SysWow64\LOGL2DI_COINST.DAT
[2012/12/02 11:14:34 | 000,000,032 | ---- | C] () -- E:\Windows\CD_Start.INI
[2012/08/24 13:25:39 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat
[2012/08/24 12:19:34 | 000,000,032 | ---- | C] () -- E:\Windows\Menu.INI
[2012/01/23 16:24:18 | 000,000,040 | ---- | C] () -- E:\Windows\iltwain.ini
[2011/10/20 10:37:08 | 000,004,096 | -H-- | C] () -- E:\Users\Fiete\AppData\Local\keyfile3.drm
[2011/08/06 15:32:17 | 000,000,046 | ---- | C] () -- E:\Windows\Speed.INI
[2011/06/15 14:42:35 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini
[2011/06/04 18:22:15 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/08 15:33:11 | 000,000,000 | ---- | C] () -- E:\Windows\PhEdit.INI
[2011/03/04 14:41:08 | 000,111,932 | ---- | C] () -- E:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/04 14:41:08 | 000,031,053 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/04 14:41:08 | 000,027,417 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/04 14:41:08 | 000,026,154 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/04 14:41:08 | 000,024,903 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/04 14:41:08 | 000,021,390 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/04 14:41:08 | 000,020,148 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/04 14:41:08 | 000,011,811 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/04 14:41:08 | 000,004,943 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/04 14:41:08 | 000,001,146 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/03/04 14:41:08 | 000,001,139 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/04 14:41:08 | 000,001,139 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/04 14:41:08 | 000,001,136 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/04 14:41:08 | 000,001,129 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/04 14:41:08 | 000,001,129 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/04 14:41:08 | 000,001,120 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/03/04 14:41:08 | 000,001,107 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/03/04 14:41:08 | 000,001,104 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/04 14:41:08 | 000,000,097 | ---- | C] () -- E:\Windows\SysWow64\PICSDK.ini
[2011/02/07 16:40:27 | 000,000,046 | ---- | C] () -- E:\Windows\mxcdr.INI
[2011/01/27 06:55:11 | 000,000,052 | ---- | C] () -- E:\Windows\Relax.ini
[2011/01/26 16:13:27 | 000,000,016 | -H-- | C] () -- E:\Users\Fiete\AppData\Local\mxfilerelatedcache.mxc2
[2011/01/08 10:34:46 | 000,000,400 | ---- | C] () -- E:\Windows\ODBC.INI
[2011/01/08 10:07:12 | 000,000,209 | ---- | C] () -- E:\Windows\ODBCINST.INI
[2010/12/20 13:22:23 | 000,000,600 | ---- | C] () -- E:\Users\Fiete\AppData\Roaming\winscp.rnd
[2010/12/20 13:04:31 | 000,000,047 | ---- | C] () -- E:\Windows\Ulead32.INI
[2010/12/20 13:03:48 | 000,007,680 | ---- | C] () -- E:\Windows\SysWow64\drivers\Onsreged.sys
[2010/12/20 13:03:47 | 000,285,216 | ---- | C] () -- E:\Windows\SysWow64\drivers\Onsio.sys
[2010/12/20 12:44:13 | 000,000,600 | ---- | C] () -- E:\Users\Fiete\AppData\Local\PUTTY.RND
[2010/12/20 12:44:06 | 000,000,319 | ---- | C] () -- E:\Windows\homeDVD-Filme4.INI
[2010/12/20 12:41:31 | 000,019,968 | ---- | C] () -- E:\Windows\SysWow64\cpuinf32.dll
[2010/12/20 12:36:17 | 000,000,088 | ---- | C] () -- E:\Windows\magix.ini
[2010/12/20 12:35:37 | 000,001,208 | ---- | C] () -- E:\Windows\mgxoschk.ini
[2010/12/16 13:48:48 | 001,535,546 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/11 16:28:22 | 000,106,496 | R--- | C] () -- E:\Windows\SysWow64\vshp1020.dll
[2010/12/11 16:28:21 | 000,397,312 | R--- | C] () -- E:\Windows\SysWow64\zshp1020.exe
[2010/12/11 16:20:38 | 009,880,457 | -H-- | C] () -- E:\Users\Fiete\AppData\Local\IconCache.db
[2010/12/11 15:31:08 | 000,022,528 | ---- | C] () -- E:\Users\Fiete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 15:16:49 | 000,144,312 | ---- | C] () -- E:\Users\Fiete\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/08 04:46:42 | 004,497,993 | ---- | C] () -- E:\Windows\SysWow64\libavcodec.dll
[2010/09/08 04:46:42 | 001,529,856 | ---- | C] () -- E:\Windows\SysWow64\ff_samplerate.dll
[2010/09/08 04:46:42 | 001,212,665 | ---- | C] () -- E:\Windows\SysWow64\ffmpegmt.dll
[2010/09/08 04:46:42 | 000,903,723 | ---- | C] () -- E:\Windows\SysWow64\ff_x264.dll
[2010/09/08 04:46:42 | 000,880,220 | ---- | C] () -- E:\Windows\SysWow64\xvidcore.dll
[2010/09/08 04:46:42 | 000,336,384 | ---- | C] () -- E:\Windows\SysWow64\ff_libfaad2.dll
[2010/09/08 04:46:42 | 000,324,096 | ---- | C] () -- E:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/09/08 04:46:42 | 000,248,320 | ---- | C] () -- E:\Windows\SysWow64\ff_kernelDeint.dll
[2010/09/08 04:46:42 | 000,216,576 | ---- | C] () -- E:\Windows\SysWow64\ff_libdts.dll
[2010/09/08 04:46:42 | 000,151,552 | ---- | C] () -- E:\Windows\SysWow64\ff_libmad.dll
[2010/09/08 04:46:42 | 000,145,408 | ---- | C] () -- E:\Windows\SysWow64\libmpeg2_ff.dll
[2010/09/08 04:46:42 | 000,142,291 | ---- | C] () -- E:\Windows\SysWow64\libmplayer.dll
[2010/09/08 04:46:42 | 000,121,856 | ---- | C] () -- E:\Windows\SysWow64\ff_liba52.dll
[2010/09/08 04:46:42 | 000,116,736 | ---- | C] () -- E:\Windows\SysWow64\ff_tremor.dll
[2010/09/08 04:46:42 | 000,097,792 | ---- | C] () -- E:\Windows\SysWow64\ff_unrar.dll
[2010/09/08 03:45:00 | 000,100,864 | ---- | C] () -- E:\Windows\SysWow64\ff_wmv9.dll
[2010/09/08 03:09:46 | 000,108,032 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
[2010/09/07 02:07:09 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2010/08/14 03:45:18 | 000,249,856 | ---- | C] () -- E:\Windows\SysWow64\dxr.dll
[2010/08/14 03:45:10 | 000,358,400 | ---- | C] () -- E:\Windows\SysWow64\gdsmux.exe
[2010/08/14 03:43:52 | 000,150,528 | ---- | C] () -- E:\Windows\SysWow64\mkx.dll
[2010/08/14 03:43:42 | 000,109,568 | ---- | C] () -- E:\Windows\SysWow64\avi.dll
[2010/08/14 03:43:34 | 000,141,824 | ---- | C] () -- E:\Windows\SysWow64\mp4.dll
[2010/08/14 03:43:22 | 000,123,392 | ---- | C] () -- E:\Windows\SysWow64\ogm.dll
[2010/08/14 03:42:54 | 000,113,152 | ---- | C] () -- E:\Windows\SysWow64\dsmux.exe
[2010/08/14 03:42:48 | 000,154,112 | ---- | C] () -- E:\Windows\SysWow64\ts.dll
[2010/08/14 03:42:10 | 000,097,792 | ---- | C] () -- E:\Windows\SysWow64\avs.dll
[2010/08/14 03:42:06 | 000,137,728 | ---- | C] () -- E:\Windows\SysWow64\mkv2vfr.exe
[2010/08/14 03:41:54 | 000,093,184 | ---- | C] () -- E:\Windows\SysWow64\avss.dll
[2010/08/14 03:40:02 | 000,080,384 | ---- | C] () -- E:\Windows\SysWow64\mkzlib.dll
[2010/08/14 03:39:58 | 000,024,576 | ---- | C] () -- E:\Windows\SysWow64\mkunicode.dll
[2010/08/04 22:36:18 | 000,002,093 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2010/07/14 05:20:19 | 000,131,984 | ---- | C] () -- E:\ProgramData\FullRemove.exe
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- E:\Windows\SysWow64\ac3config.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:32:39 | 000,043,318 | ---- | C] () -- E:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 00:32:39 | 000,029,779 | ---- | C] () -- E:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,489 | ---- | C] () -- E:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,040 | ---- | C] () -- E:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:35:42 | 000,001,405 | ---- | C] () -- E:\Windows\msdfmap.ini
[2009/07/13 21:34:57 | 000,000,675 | ---- | C] () -- E:\Windows\win.ini
[2009/07/13 21:34:57 | 000,000,219 | ---- | C] () -- E:\Windows\system.ini
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- E:\Windows\SysWow64\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- E:\Windows\SysWow64\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- E:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- E:\Windows\SysWow64\Registration.ini
[2007/04/27 02:43:58 | 000,120,200 | ---- | C] () -- E:\Windows\SysWow64\DLLDEV32i.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- E:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011/05/07 11:31:19 | 000,000,000 | ---D | M] -- E:\ProgramData\AAV
[2010/07/14 05:29:22 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2013/02/08 15:36:36 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon
[2010/07/14 05:38:44 | 000,000,000 | ---D | M] -- E:\ProgramData\BackupManager
[2011/06/11 10:40:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Canneverbe Limited
[2012/12/13 11:03:24 | 000,000,000 | ---D | M] -- E:\ProgramData\CLSK
[2012/12/14 15:19:00 | 000,000,000 | ---D | M] -- E:\ProgramData\Conexant
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2010/07/14 05:45:27 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec IPS
[2010/07/14 05:18:39 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/12/11 13:21:23 | 000,000,000 | ---D | M] -- E:\ProgramData\Installations
[2012/12/13 11:11:28 | 000,000,000 | ---D | M] -- E:\ProgramData\install_clap
[2011/12/08 16:31:44 | 000,000,000 | ---D | M] -- E:\ProgramData\MAGIX
[2011/02/09 04:59:04 | 000,000,000 | ---D | M] -- E:\ProgramData\NCH Swift Sound
[2012/12/12 13:32:22 | 000,000,000 | ---D | M] -- E:\ProgramData\NokiaMusic
[2010/07/14 05:24:51 | 000,000,000 | ---D | M] -- E:\ProgramData\OberonGameConsole
[2010/12/11 15:18:16 | 000,000,000 | ---D | M] -- E:\ProgramData\oem
[2011/03/04 14:51:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic
[2011/01/02 14:36:50 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2012/02/12 14:24:49 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Suite
[2012/12/13 15:50:48 | 000,000,000 | ---D | M] -- E:\ProgramData\SmartSound Software Inc
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2013/11/15 14:27:00 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2013/11/15 13:58:26 | 000,000,000 | ---D | M] -- E:\ProgramData\tmp
[2012/12/14 15:21:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Ulead Systems
[2010/12/16 16:04:09 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications
[2010/12/11 15:15:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/10/30 18:28:42 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/11 03:46:39 | 103,681,534 | ---- | M] ()(E:\Windows\SysWow64\????) -- E:\Windows\SysWow64\꒗掬Ḭ”
[2013/11/11 03:46:39 | 103,681,534 | ---- | C] ()(E:\Windows\SysWow64\????) -- E:\Windows\SysWow64\꒗掬Ḭ”
[2013/10/09 13:20:04 | 100,163,860 | ---- | M] ()(E:\Windows\SysWow64\????) -- E:\Windows\SysWow64\印⬨Ḭˆ
[2013/10/09 13:20:04 | 100,163,860 | ---- | C] ()(E:\Windows\SysWow64\????) -- E:\Windows\SysWow64\印⬨Ḭˆ
[2013/09/23 07:46:43 | 098,646,441 | ---- | M] ()(E:\Windows\SysWow64\???) -- E:\Windows\SysWow64\⻾쒱Ḭ
[2013/09/23 07:46:43 | 098,646,441 | ---- | C] ()(E:\Windows\SysWow64\???) -- E:\Windows\SysWow64\⻾쒱Ḭ
[2013/09/12 15:22:02 | 097,373,152 | ---- | M] ()(E:\Windows\SysWow64\???¡) -- E:\Windows\SysWow64\笣죢Ḭ¡
[2013/09/12 11:48:52 | 097,373,152 | ---- | C] ()(E:\Windows\SysWow64\???¡) -- E:\Windows\SysWow64\笣죢Ḭ¡
[2013/08/21 13:31:15 | 099,712,133 | ---- | M] ()(E:\Windows\SysWow64\???) -- E:\Windows\SysWow64\코蝤Ḭ
[2013/08/21 12:48:46 | 099,712,133 | ---- | C] ()(E:\Windows\SysWow64\???) -- E:\Windows\SysWow64\코蝤Ḭ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> E:\ProgramData\Temp:DAF232F8
< End of report >
         
--- --- ---
__________________

Last edited by glizi (16.11.2013 at 11:40)

Old 16.11.2013, 16:24   #4
schrauber
/// the machine
/// TB Instructor
 

Black Desktop / GVU Trojan - Standard



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
[2013/11/12 13:04:07 | 000,061,536 | ---- | C] (Microsoft Corporation) -- E:\ProgramData\qzjrwvj6.pss
[2013/11/12 13:04:02 | 000,131,072 | ---- | C] (Microsoft Corporation) -- E:\ProgramData\6jvwrjzq.dss
[2013/11/14 14:09:33 | 095,025,368 | ---- | M] () -- E:\ProgramData\qzjrwvj6.bxx
[2013/11/14 14:09:26 | 000,000,000 | ---- | M] () -- E:\ProgramData\qzjrwvj6.fvv
[2013/11/12 13:04:44 | 000,000,285 | ---- | M] () -- E:\ProgramData\qzjrwvj6.reg
[2013/11/12 13:04:07 | 000,061,536 | ---- | M] (Microsoft Corporation) -- E:\ProgramData\qzjrwvj6.pss
[2013/11/12 13:04:02 | 000,131,072 | ---- | M] (Microsoft Corporation) -- E:\ProgramData\6jvwrjzq.dss
[2013/11/12 13:04:44 | 000,000,285 | ---- | C] () -- E:\ProgramData\qzjrwvj6.reg
[2013/11/12 13:04:06 | 000,000,000 | ---- | C] () -- E:\ProgramData\qzjrwvj6.fvv
[2013/11/12 13:04:03 | 095,025,368 | ---- | C] () -- E:\ProgramData\qzjrwvj6.bxx
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents into your thread here.


Start the computer normally.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No support via PM!

Alt 16.11.2013, 17:04   #5
glizi
 



Doesn't look good. They have apparently already been deleted.

Code:
ATTFilter
========== OTL ==========
File E:\ProgramData\qzjrwvj6.pss not found.
File E:\ProgramData\6jvwrjzq.dss not found.
File E:\ProgramData\qzjrwvj6.bxx not found.
File E:\ProgramData\qzjrwvj6.fvv not found.
File E:\ProgramData\qzjrwvj6.reg not found.
File E:\ProgramData\qzjrwvj6.pss not found.
File E:\ProgramData\6jvwrjzq.dss not found.
File E:\ProgramData\qzjrwvj6.reg not found.
File E:\ProgramData\qzjrwvj6.fvv not found.
File E:\ProgramData\qzjrwvj6.bxx not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11162013_120317
         


Alt 17.11.2013, 07:20   #6
schrauber
/// the machine
/// TB Trainer
 




hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown there; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, if possible in code tags (guide).


Alt 17.11.2013, 08:58   #7
glizi
 



Thanks in advance for your support.



FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-3O07G1D on 17-11-2013 03:57:56
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [OrderReminder] - C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2004-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-06-19] (ArcSoft Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-12] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-12] ()
S2 bgsvcgen; "C:\Windows\SysWOW64\bgsvcgen.exe" [x]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [x]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [x]
S2 NMSAccessU; C:\Program Files (x86)\Common Files\NMSAccessU.exe [x]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
S3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; No ImagePath
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 314C17917AC8523EC77A710215012A65
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atipmdag.sys D3E6B2E1394D93FE9DB0BA24814B0D8F
C:\Windows\System32\DRIVERS\atikmpag.sys CC4D915D786D3DA973B2EA9B95D59A29
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AtiPcie.sys C07A040D6B5A42DD41EE386CF90974C8
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 2D659B569A76CDB83B815675A80D7096
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 0975BF32399A24117E317B5BF1D5D0AA
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 235362D403D9D677514649D88DB31914
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 37E053A2CF8F0082B689ED74106E0CEC
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys BC0018C2D29F655188A0ED3FA94FDB24
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\drivers\RtHDMIVX.sys D6D381B76056C668679723938F06F16C
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUSB.SYS FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 18:03 - 2013-11-16 18:03 - 00000000 ____D C:\_OTL
2013-11-16 06:21 - 2013-11-16 06:21 - 00000049 _____ C:\Users\Fiete\AppData\Roaming\.directory
2013-11-16 05:49 - 2013-11-16 05:49 - 00000000 _____ C:\Recovery.txt
2013-11-16 04:06 - 2013-11-16 04:06 - 00000000 ____D C:\_OTL1
2013-11-16 03:50 - 2013-11-16 05:13 - 00025632 _____ C:\Extras.Txt
2013-11-16 03:50 - 2013-11-16 05:12 - 00125638 _____ C:\OTL.Txt
2013-11-15 23:39 - 2013-11-15 23:39 - 00000000 ____D C:\FRST
2013-11-15 20:25 - 2013-11-15 20:25 - 00000051 _____ C:\.directory
2013-11-15 19:41 - 2013-11-15 19:41 - 00000050 _____ C:\Users\Fiete\AppData\Local\.directory
2013-11-14 20:09 - 2013-11-14 20:09 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-11-11 09:46 - 2013-11-11 09:46 - 103681534 _____ C:\Windows\SysWOW64\꒗掬Ḭ”
2013-11-08 21:09 - 2013-11-08 21:09 - 00000000 ____D C:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
2013-11-04 21:15 - 2013-11-04 21:15 - 00000000 ____D C:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
2013-11-02 21:04 - 2013-11-02 21:04 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
2013-11-01 21:33 - 2013-11-01 21:33 - 00000000 ____D C:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
2013-10-27 21:50 - 2013-11-03 18:31 - 00000000 ____D C:\Program Files (x86)\OnlineFotoservice
2013-10-27 20:57 - 2013-10-27 20:58 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
2013-10-24 21:54 - 2013-10-24 21:54 - 00000000 ____D C:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
2013-10-23 20:16 - 2013-10-23 20:16 - 00000000 ____D C:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
2013-10-22 19:32 - 2013-10-22 19:32 - 00000000 ____D C:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
2013-10-21 20:24 - 2013-10-21 20:24 - 00000000 ____D C:\Users\Fiete\Documents\Nero
2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 ____D C:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
2013-10-18 23:10 - 2013-10-18 23:10 - 00000000 ____D C:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}

==================== One Month Modified Files and Folders =======

2013-11-16 18:03 - 2013-11-16 18:03 - 00000000 ____D C:\_OTL
2013-11-16 06:21 - 2013-11-16 06:21 - 00000049 _____ C:\Users\Fiete\AppData\Roaming\.directory
2013-11-16 05:49 - 2013-11-16 05:49 - 00000000 _____ C:\Recovery.txt
2013-11-16 05:49 - 2010-12-11 21:15 - 00000000 __SHD C:\Recovery
2013-11-16 05:13 - 2013-11-16 03:50 - 00025632 _____ C:\Extras.Txt
2013-11-16 05:12 - 2013-11-16 03:50 - 00125638 _____ C:\OTL.Txt
2013-11-16 04:06 - 2013-11-16 04:06 - 00000000 ____D C:\_OTL1
2013-11-16 03:43 - 2010-12-11 21:16 - 00000000 ____D C:\users\Fiete
2013-11-15 23:52 - 2009-07-14 03:34 - 30932992 _____ C:\Windows\System32\config\system.bak
2013-11-15 23:40 - 2009-07-14 03:34 - 81002496 _____ C:\Windows\System32\config\software.bak
2013-11-15 23:39 - 2013-11-15 23:39 - 00000000 ____D C:\FRST
2013-11-15 23:39 - 2009-07-14 05:45 - 00377608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-15 20:25 - 2013-11-15 20:25 - 00000051 _____ C:\.directory
2013-11-15 19:58 - 2011-10-20 20:33 - 00000000 ____D C:\ProgramData\tmp
2013-11-15 19:41 - 2013-11-15 19:41 - 00000050 _____ C:\Users\Fiete\AppData\Local\.directory
2013-11-14 20:09 - 2013-11-14 20:09 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-11-14 20:09 - 2013-09-26 22:57 - 00006104 _____ C:\Windows\setupact.log
2013-11-14 20:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 01:39 - 2010-09-07 08:01 - 01142879 _____ C:\Windows\WindowsUpdate.log
2013-11-13 01:10 - 2012-04-08 09:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 21:51 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 21:51 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 18:30 - 2010-09-07 17:52 - 00657666 _____ C:\Windows\System32\perfh007.dat
2013-11-12 18:30 - 2010-09-07 17:52 - 00131024 _____ C:\Windows\System32\perfc007.dat
2013-11-12 18:30 - 2009-07-14 06:13 - 01507104 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-11 10:23 - 2010-12-20 19:04 - 00000047 _____ C:\Windows\Ulead32.INI
2013-11-11 09:46 - 2013-11-11 09:46 - 103681534 _____ C:\Windows\SysWOW64\꒗掬Ḭ”
2013-11-09 21:04 - 2012-05-06 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-08 21:09 - 2013-11-08 21:09 - 00000000 ____D C:\Users\Fiete\AppData\Local\{12629308-C230-436E-B1AC-2ED7B83D2025}
2013-11-08 19:13 - 2013-02-07 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-04 21:15 - 2013-11-04 21:15 - 00000000 ____D C:\Users\Fiete\AppData\Local\{945B236A-598C-447D-BE18-E76B57135686}
2013-11-03 18:48 - 2011-05-07 17:34 - 00000000 ____D C:\Users\Fiete\Documents\Steuerfälle
2013-11-03 18:46 - 2011-02-05 11:47 - 00000000 ____D C:\Users\Fiete\AppData\Local\MediaMonkey
2013-11-03 18:45 - 2010-07-14 11:35 - 00000000 ____D C:\Program Files (x86)\NTI
2013-11-03 18:45 - 2010-07-14 11:34 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2013-11-03 18:45 - 2010-07-14 11:34 - 00001024 ___RH C:\ProgramData\Documents\NTIMMV9Acer.dll
2013-11-03 18:31 - 2013-10-27 21:50 - 00000000 ____D C:\Program Files (x86)\OnlineFotoservice
2013-11-02 22:28 - 2012-02-27 00:43 - 00000000 ____D C:\Users\Fiete\Documents\Ahnenblatt
2013-11-02 22:02 - 2012-02-27 00:43 - 00000000 ____D C:\Users\Fiete\AppData\Roaming\Ahnenblatt
2013-11-02 21:04 - 2013-11-02 21:04 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2BBEB3B0-30C9-4503-AE4A-97C36428B0D6}
2013-11-01 21:33 - 2013-11-01 21:33 - 00000000 ____D C:\Users\Fiete\AppData\Local\{BE2E8CC1-F74A-4D09-BB9C-212AD942AF29}
2013-10-31 00:28 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-29 22:42 - 2011-11-01 20:35 - 00001134 _____ C:\Users\Public\Desktop\dm-Fotowelt.lnk
2013-10-29 22:42 - 2011-11-01 20:35 - 00001134 _____ C:\ProgramData\Desktop\dm-Fotowelt.lnk
2013-10-27 21:55 - 2011-10-20 20:23 - 00000000 ____D C:\Program Files (x86)\CEWE COLOR
2013-10-27 20:58 - 2013-10-27 20:57 - 00000000 ____D C:\Users\Fiete\AppData\Local\{2852E9FC-3C43-430C-8906-860A91EC74EB}
2013-10-24 21:54 - 2013-10-24 21:54 - 00000000 ____D C:\Users\Fiete\AppData\Local\{D3AE76BD-6339-4001-9AE3-4077E6337142}
2013-10-23 20:16 - 2013-10-23 20:16 - 00000000 ____D C:\Users\Fiete\AppData\Local\{E90F1997-0069-4B64-BF08-AF3C3B6EF5CB}
2013-10-23 20:05 - 2009-07-14 03:34 - 00000675 _____ C:\Windows\win.ini
2013-10-22 19:32 - 2013-10-22 19:32 - 00000000 ____D C:\Users\Fiete\AppData\Local\{92CEE15E-1D3F-44C8-8747-696A84F44974}
2013-10-21 20:24 - 2013-10-21 20:24 - 00000000 ____D C:\Users\Fiete\Documents\Nero
2013-10-19 21:01 - 2013-10-19 21:01 - 00000000 ____D C:\Users\Fiete\AppData\Local\{441CF273-D3F2-4224-8395-501463FFB2D9}
2013-10-18 23:10 - 2013-10-18 23:10 - 00000000 ____D C:\Users\Fiete\AppData\Local\{89ACA6CD-B3CE-4A5B-A0A2-C2DAB8282608}

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {8b6961fc-ba9e-11df-af15-803865a88766}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {8b6961fe-ba9e-11df-af15-803865a88766}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8b6961fc-ba9e-11df-af15-803865a88766}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {8b6961fe-ba9e-11df-af15-803865a88766}
device                  ramdisk=[C:]\Recovery\8b6961fe-ba9e-11df-af15-803865a88766\Winre.wim,{8b6961ff-ba9e-11df-af15-803865a88766}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8b6961fe-ba9e-11df-af15-803865a88766\Winre.wim,{8b6961ff-ba9e-11df-af15-803865a88766}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8b6961fc-ba9e-11df-af15-803865a88766}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {8b6961ff-ba9e-11df-af15-803865a88766}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8b6961fe-ba9e-11df-af15-803865a88766\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3240.2 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3235.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:28.14 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.36 GB) NTFS
Drive f: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive g: (BSIX) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DE857073)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 0023BC70)
Partition 1: (Active) - (Size=961 MB) - (Type=06)


LastRegBack: 2011-06-14 08:46

==================== End Of Log ============================
         
--- --- ---

Alt 17.11.2013, 18:13   #8
schrauber
/// the machine
/// TB-Ausbilder
 


This isn't getting us anywhere. Exactly how far does it boot? Before or after the user login? What do you see at that point? Are there several user accounts set up?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 17.11.2013, 19:54   #9
glizi
 

It boots up to the user login (I assume). But I don't get to see it (see image).
There is only one user (plus Administrator).


Alt 18.11.2013, 10:17   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Quote:
There is only one user (plus Administrator).
So that's two. Does one of the safe modes work with either of the two users?
__________________
Regards,
schrauber


Alt 18.11.2013, 18:03   #11
glizi
 

Exactly the same in safe mode.

Alt 19.11.2013, 10:43   #12
schrauber
/// the machine
/// TB-Ausbilder
 


That's awkward at this point. Do you have a Windows DVD at hand? We won't get this one fixed without it.
__________________
Regards,
schrauber


Alt 19.11.2013, 12:25   #13
glizi
 

Yes, I have one.

Alt 19.11.2013, 14:40   #14
schrauber
/// the machine
/// TB-Ausbilder
 


Insert it, boot from it, and do an in-place upgrade.
__________________
Regards,
schrauber


Alt 19.11.2013, 15:02   #15
glizi
 

Do you mean installing over the existing installation?
