Trojaner-Board


guitarplayer 13.06.2013 13:59

Fighting the GVU trojan

Dear TB team,
I've also caught the GVU trojan on my laptop [I have an Acer 5930G with a Windows Vista 32-bit system], and after starting up, the screen went black right away and I couldn't do anything anymore.
Then I came across the same topic from another user with the same symptoms and, for now, took the same steps as you described there. I'm no computer pro, though, and I'm stuck...

( http://www.trojaner-board.de/134277-...ildschirm.html )

...up to the point where I got the OTLpe CD running on the laptop and have now created the OTL.txt and Extras.txt files.

Now I've connected an external 2.5" hard drive and wanted to move the files onto it, but under 'Computer' no external devices are shown! I've also plugged in another stick, but nothing shows up anywhere. Only:

RAMDisk (B:)
Acer (C:)
DATA (D:)

ReatogoPE (X:)

Can you help me? I need my laptop urgently!! Thanks in advance.

Best regards, rico

cosinus 13.06.2013 14:06

:hallo:

Unfortunately that is a known bug of the PE environment: you have to plug in the USB devices first, and only then may you boot from the OTLPE CD.

guitarplayer 13.06.2013 14:10

OK, I'll restart the laptop once more, with the USB device connected..

Now I've managed to move the otl.txt and the extras.txt onto my healthy computer:
I'll wait for further instructions from you :)

OTL:
Code:

OTL logfile created on: 6/13/2013 5:41:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 25.91 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 450.17 Gb Free Space | 96.66% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TuneUp.UtilitiesSvc)
SRV - [2013/06/11 16:52:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/18 07:24:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/27 06:35:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 06:34:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/04/13 16:33:45 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2008/11/04 10:50:16 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/24 06:12:48 | 003,517,440 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/03/21 07:22:52 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/04 17:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/10 11:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/06 10:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/19 13:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/03/27 06:35:22 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 06:35:22 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 06:35:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/27 18:54:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 05:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/26 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/18 13:28:29 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/06/18 13:28:28 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/09/07 17:08:18 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/24 06:12:44 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/05/30 17:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/04/28 10:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/11 21:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/03 16:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/29 19:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/16 22:00:00 | 000,355,840 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2u.sys -- (ALESIS_USB2)
DRV - [2007/08/16 22:00:00 | 000,032,256 | ---- | M] (Numark) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2a.sys -- (ALESIS_USB2_A)
DRV - [2007/07/17 11:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 11:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/26 02:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/23 12:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://web.de/ [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/05 16:47:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 07:24:00 | 000,000,000 | ---D | M]
 
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/05 16:46:37 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\Rico_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Rico_ON_C..\Run: [EPSON BX320FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON Stylus Photo PX700W (Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON41B354 (Epson Stylus Office BX320FW)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [Spotify] C:\Users\Rico\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Rico_ON_C..\Run: [Spotify Web Helper] C:\Users\Rico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Mcx1_ON_C..\RunOnce: [AcerScrSav] C:\Windows\ACER\run_NB.exe ()
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 15:26:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/13 06:07:42 | 000,000,000 | ---D | C] -- C:\Temp
[2013/05/18 07:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/15 21:14:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 21:02:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/15 21:02:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 21:02:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 21:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 21:02:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 21:02:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 21:02:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 21:02:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 21:02:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 05:35:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 05:35:12 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 07:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/13 05:50:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/06/12 19:39:18 | 000,000,004 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\skype.ini
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/12 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 15:15:32 | 000,002,513 | ---- | M] () -- C:\Users\Rico\Desktop\Excel 2003.lnk
[2013/06/12 10:41:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/12 10:41:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/12 10:41:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/12 10:41:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/11 20:57:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/11 16:52:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 16:52:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 09:49:16 | 000,002,481 | ---- | M] () -- C:\Users\Rico\Desktop\Word 2003.lnk
[2013/06/02 14:49:09 | 000,000,664 | ---- | M] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/05/26 15:06:44 | 000,172,544 | ---- | M] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/16 06:09:48 | 000,392,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/12 19:37:22 | 000,000,004 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\skype.ini
[2013/06/02 14:49:31 | 000,000,664 | ---- | C] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/03/27 06:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/09/18 12:21:46 | 000,076,348 | ---- | C] () -- C:\ProgramData\vciwbphvqrcnodj
[2012/05/17 05:20:36 | 000,000,079 | ---- | C] () -- C:\Users\Rico\AppData\Local\CrystalDiskMark30.ini
[2012/03/08 17:02:02 | 000,060,928 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\skype.dat
[2012/01/01 09:55:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/01 09:55:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 16:46:23 | 000,000,013 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\urhtps.dat
[2010/09/26 07:06:18 | 000,000,996 | ---- | C] () -- C:\Windows\wiso.ini
[2009/11/20 17:16:33 | 000,004,096 | -H-- | C] () -- C:\Users\Rico\AppData\Local\keyfile3.drm
[2009/06/18 13:28:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/06/18 13:28:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/06/13 16:09:20 | 000,000,760 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\setup_ldm.iss
[2009/03/11 18:28:09 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2009/02/04 14:30:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2009/02/04 13:11:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/02/04 13:11:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/02/04 13:11:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/02/04 13:11:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/02/04 13:11:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/02/04 13:11:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/02/04 13:11:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/02/04 13:11:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/02/04 13:11:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/02/04 13:11:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/02/04 13:11:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/02/04 13:11:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/02/04 13:11:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/02/04 13:11:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/02/04 13:11:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/16 13:39:45 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/12/15 13:12:29 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\PnkBstrK.sys
[2008/12/08 09:36:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/12/08 09:36:04 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/12/08 09:36:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/10/22 00:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/17 09:11:06 | 000,000,043 | ---- | C] () -- C:\Windows\festo.ini
[2008/09/07 16:37:07 | 000,012,583 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\UserTile.png
[2008/09/07 08:58:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 06:35:00 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/31 13:00:34 | 000,000,680 | ---- | C] () -- C:\Users\Rico\AppData\Local\d3d9caps.dat
[2008/08/31 07:03:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/29 18:00:21 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2008/08/29 15:32:42 | 000,065,024 | ---- | C] () -- C:\Windows\IFinst26.exe
[2008/08/28 15:51:26 | 000,172,544 | ---- | C] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/28 13:19:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/24 15:52:43 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 06:15:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 06:13:09 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/07/24 06:11:28 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 06:11:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 06:11:28 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 06:11:28 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 06:08:01 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 06:08:01 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/07/24 06:03:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/24 06:01:50 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/24 06:01:48 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/07 23:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/05/07 23:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/05/07 23:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/05/07 23:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/05/07 14:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 04:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 04:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 04:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 04:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/26 02:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2013/03/27 06:45:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2008/08/28 11:39:15 | 000,000,000 | -HSD | M] -- C:\Users\Rico\AppData\Roaming\.#
[2011/03/05 09:13:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\5012
[2011/05/28 09:14:17 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\5015
[2009/03/11 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ableton
[2008/08/28 15:32:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer
[2008/05/07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer GameZone Console
[2013/01/25 11:26:32 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Amazon
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Autodesk
[2012/10/27 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\avidemux
[2010/09/26 07:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Buhl Data Service
[2011/01/30 07:35:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Cakewalk
[2012/05/07 10:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/12/24 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2009/01/07 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/05/09 10:38:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DataCast
[2012/09/10 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012/10/29 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DVDVideoSoft
[2012/01/01 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\elsterformular
[2009/02/07 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2013/04/22 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ICQ
[2008/09/21 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\InfraRecorder
[2011/03/05 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\kock
[2008/08/30 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012/05/17 05:15:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\OpenCandy
[2008/09/07 16:37:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PeerNetworking
[2012/02/25 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Smart PDF Converter
[2009/01/04 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\SPORE
[2013/06/12 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Spotify
[2009/03/11 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Steinberg
[2012/04/15 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TeamViewer
[2011/12/29 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TuneUp Software
[2011/05/29 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\UAs
[2009/06/25 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ubisoft
[2012/02/25 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\UDC Profiles
[2011/06/13 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\xmldm
[2008/09/08 11:09:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011/10/02 21:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2010/12/02 12:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest Bluetooth SDK
[2013/03/31 08:09:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2010/03/11 14:39:15 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2011/01/30 07:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Cakewalk
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/10/26 12:51:42 | 000,000,000 | ---D | M] -- C:\ProgramData\dvdfab
[2009/02/23 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012/04/04 11:00:34 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011/02/06 15:40:13 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/07/24 06:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/05/07 13:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/05/19 08:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/04/13 16:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2008/11/19 06:33:30 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2012/10/27 21:28:18 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2008/08/28 11:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2012/09/18 12:21:57 | 000,000,000 | ---D | M] -- C:\ProgramData\quqvouzquchmbyv
[2009/07/12 18:14:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Screentime
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 18:32:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Steinberg
[2009/03/11 18:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2009/06/25 17:58:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2008/08/28 11:39:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/29 19:47:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/02/04 13:24:36 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/25 22:08:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/02/22 16:08:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/05/07 13:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/12/29 19:42:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/06/11 20:57:50 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report >

EXTRAS:
Code:

OTL Extras logfile created on: 6/13/2013 5:41:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 25.91 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 450.17 Gb Free Space | 96.66% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" %1
htmlfile [print] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{481C4C27-7A05-47D8-BACB-A3FDD3162D1B}" = Acer Crystal Eye Webcam 3.0.3.1
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.3.1
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAA 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2a
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 11.5.1.4843" = ElsterFormular-Upgrade
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"EPSON BX320FW Series" = EPSON BX320FW Series Printer Uninstall
"EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Benutzerhandbuch" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Handbuch
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Left 4 Dead_is1" = Left 4 Dead v1.0.0.5
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LManager" = Launch Manager
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SeriousSam2" = Serious Sam 2
"SONARLE_is1" = SONAR 6 LE
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"USB_AUDIO_DEusb-audio.deAlesis" = Alesis USB Audio driver
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.0.7.0
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Rico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Spotify" = Spotify
 
< End of report >

I hope you can help me with my problem quickly!

I'd be glad to get a reply ;)

cosinus 14.06.2013 14:09

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
:Files
C:\Users\Rico\AppData\Roaming\skype.ini
C:\Users\Rico\AppData\Roaming\skype.dat
C:\ProgramData\vciwbphvqrcnodj
C:\Users\Rico\AppData\Roaming\.#
C:\Users\Rico\AppData\Roaming\5012
C:\Users\Rico\AppData\Roaming\5015
C:\Users\Rico\AppData\Roaming\kock
C:\Users\Rico\AppData\Roaming\UAs
C:\Users\Rico\AppData\Roaming\xmldm
C:\ProgramData\quqvouzquchmbyv
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let us know when it has worked
5.) Only then switch the virus scanner back on
guitarplayer 14.06.2013 16:09

I ran the fix via OTLPE and got the .log file (see below).

But then nothing happened, no restart of the laptop!
The Reatogo-XP desktop stayed up, so I shut the laptop down manually and then started it without the CD to see whether I could get back into my old Windows Vista.
The result was that I had the choice between
- safe mode
- safe mode (with command prompt)
- start Windows normally

I started in 'normal mode' and a short time later another window appeared with

- start with Startup Repair (recommended)
- start Windows normally

I chose 'start Startup Repair' and a window opened titled 'Startup Repair' with a blue progress bar that keeps running across the screen. Then it was finished and it only offered to send the problem or not.. and after that the laptop switched off again (shut down completely).

How can I restart the laptop properly so that I get back into Windows?

logfile:
Code:

========== OTL ==========
C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk moved successfully.
C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
========== FILES ==========
C:\Users\Rico\AppData\Roaming\skype.ini moved successfully.
C:\Users\Rico\AppData\Roaming\skype.dat moved successfully.
C:\ProgramData\vciwbphvqrcnodj moved successfully.
C:\Users\Rico\AppData\Roaming\.# folder moved successfully.
C:\Users\Rico\AppData\Roaming\5012\components folder moved successfully.
C:\Users\Rico\AppData\Roaming\5012 folder moved successfully.
C:\Users\Rico\AppData\Roaming\5015\components folder moved successfully.
C:\Users\Rico\AppData\Roaming\5015 folder moved successfully.
C:\Users\Rico\AppData\Roaming\kock folder moved successfully.
C:\Users\Rico\AppData\Roaming\UAs folder moved successfully.
C:\Users\Rico\AppData\Roaming\xmldm folder moved successfully.
C:\ProgramData\quqvouzquchmbyv folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06142013_194603


cosinus 14.06.2013 18:09

After the fix under OTLPE you have to restart the computer manually.
Does your installed Windows start again now or not? If not, then in one of the safe modes?

guitarplayer 14.06.2013 19:31

Unfortunately my installed Windows does not start.
When starting, it now only ever offers me these 2 options:
-launch Startup Repair
-start normally

and it does not work with either variant.

cosinus 14.06.2013 20:27

Then please create a new log with OTLPE

guitarplayer 14.06.2013 20:54

After running the fix with the code again, this message appears:

The system requires a reboot to finish removing files.
Do you want to reboot now?
Yes / No

I clicked 'Yes' and after that nothing happened. I then restarted the computer.
Now I got these options once again:
-safe mode
-safe mode (with networking)
-safe mode (with command prompt)
-start Windows normally

I started safe mode (with command prompt) and again only a black screen with a white mouse pointer... :(

Could it be that I still have to change some settings in the BIOS?
When I start the OTLPE CD I also first had to go into the BIOS (press F2 several times) and then
set the priority order under 'Boot'. It currently looks like this:

1: CD/DVD: Slimtype DVD A DS8A2S-(PS
2: IDEO: WDC WD3200BEVT-22ZCT0-(PM)
3: USB HDD: Toshiba External USB HDD
4: USB FDD
5: USB KEY:
6: USB CD/DVD ROM:
7: Network Boot: B02 D00 Yukon PXE

Under 'Main' it currently looks like this:

Quiet Boot: [Enable]
Network Boot: [Enable]
F12 Boot Menu: [Enable]
D2D Recovery: [Enable]
SATA Mode: [AHCI]

Quote:

Quote from guitarplayer (post 1086268)
After running the fix with the code again, this message appears:

The system requires a reboot to finish removing files.
Do you want to reboot now?
Yes / No

I clicked 'Yes' and after that nothing happened. I then restarted the computer.
Now I got these options once again:
-safe mode
-safe mode (with networking)
-safe mode (with command prompt)
-start Windows normally

I started safe mode (with command prompt) and again only a black screen with a white mouse pointer... :(

Could it be that I still have to change some settings in the BIOS?
When I start the OTLPE CD I also first had to go into the BIOS (press F2 several times) and then
set the priority order under 'Boot'. It currently looks like this:

1: CD/DVD: Slimtype DVD A DS8A2S-(PS
2: IDEO: WDC WD3200BEVT-22ZCT0-(PM)
3: USB HDD: Toshiba External USB HDD
4: USB FDD
5: USB KEY:
6: USB CD/DVD ROM:
7: Network Boot: B02 D00 Yukon PXE

Under 'Main' it currently looks like this:

Quiet Boot: [Enable]
Network Boot: [Enable]
F12 Boot Menu: [Enable]
D2D Recovery: [Enable]
SATA Mode: [AHCI]

---

Here is the variant for the question after the fix:

The system requires a reboot to finish removing files.
Do you want to reboot now?
Yes / No

If I click 'No', this log appears:
Code:

========== OTL ==========
File move failed. C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk scheduled to be moved on reboot.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Unable to delete ADS C:\ProgramData\TEMP:4F636E25 .
========== FILES ==========
File\Folder C:\Users\Rico\AppData\Roaming\skype.ini not found.
File\Folder C:\Users\Rico\AppData\Roaming\skype.dat not found.
File\Folder C:\ProgramData\vciwbphvqrcnodj not found.
File\Folder C:\Users\Rico\AppData\Roaming\.# not found.
File\Folder C:\Users\Rico\AppData\Roaming\5012 not found.
File\Folder C:\Users\Rico\AppData\Roaming\5015 not found.
File\Folder C:\Users\Rico\AppData\Roaming\kock not found.
File\Folder C:\Users\Rico\AppData\Roaming\UAs not found.
File\Folder C:\Users\Rico\AppData\Roaming\xmldm not found.
File\Folder C:\ProgramData\quqvouzquchmbyv not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06152013_201829

Sorry, I actually only wanted to edit the text, but it just created quotes -.-
-but I have now shown all the options I have had so far.

cosinus 17.06.2013 11:38

You have already posted the fix log. I wanted to see a new log from OTLPE

guitarplayer 17.06.2013 12:13

OTL2:
Code:

OTL logfile created on: 6/17/2013 9:01:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 22.83 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 465.70 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TuneUp.UtilitiesSvc)
SRV - [2013/06/11 16:52:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/18 07:24:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/27 06:35:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 06:34:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/04/13 16:33:45 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2008/11/04 10:50:16 | 000,085,096 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/24 06:12:48 | 003,517,440 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/03/21 07:22:52 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/04 17:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/10 11:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/06 10:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/19 13:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/03/27 06:35:22 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 06:35:22 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 06:35:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/27 18:54:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 05:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/26 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/18 13:28:29 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/06/18 13:28:28 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/09/07 17:08:18 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/24 06:12:44 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/05/30 17:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/04/28 10:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/11 21:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/03 16:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/29 19:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/16 22:00:00 | 000,355,840 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2u.sys -- (ALESIS_USB2)
DRV - [2007/08/16 22:00:00 | 000,032,256 | ---- | M] (Numark) [Kernel | On_Demand] -- C:\Windows\System32\drivers\alesis2a.sys -- (ALESIS_USB2_A)
DRV - [2007/07/17 11:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 11:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/26 02:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/23 12:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\Mcx1_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://web.de/ [binary data]
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=97fd7da1-bd65-4aba-acd2-691d10144f65&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Rico_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 04:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/05 16:47:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 07:24:00 | 000,000,000 | ---D | M]
 
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/18 07:24:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/05 16:46:59 | 000,150,736 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/10/05 16:47:31 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/10/05 16:46:37 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2013/06/15 20:18:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\Rico_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Rico_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\Administrator_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Rico_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Rico_ON_C..\Run: [EPSON BX320FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON Stylus Photo PX700W (Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [EPSON41B354 (Epson Stylus Office BX320FW)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Rico_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Rico_ON_C..\Run: [Spotify] C:\Users\Rico\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Rico_ON_C..\Run: [Spotify Web Helper] C:\Users\Rico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Mcx1_ON_C..\RunOnce: [AcerScrSav] C:\Windows\ACER\run_NB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/15 02:50:39 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/06/14 19:46:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/13 15:26:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/13 06:07:42 | 000,000,000 | ---D | C] -- C:\Temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/15 20:18:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/15 14:33:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/06/15 14:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 14:33:29 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/12 19:33:04 | 000,245,436 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/12 18:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 15:15:32 | 000,002,513 | ---- | M] () -- C:\Users\Rico\Desktop\Excel 2003.lnk
[2013/06/12 10:41:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/12 10:41:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/12 10:41:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/12 10:41:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/11 20:57:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/11 16:52:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 16:52:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 09:49:16 | 000,002,481 | ---- | M] () -- C:\Users\Rico\Desktop\Word 2003.lnk
[2013/06/02 14:49:09 | 000,000,664 | ---- | M] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/05/26 15:06:44 | 000,172,544 | ---- | M] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rico\AppData\Roaming\*.tmp files -> C:\Users\Rico\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/15 14:33:29 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/02 14:49:31 | 000,000,664 | ---- | C] () -- C:\Users\Rico\Desktop\FSCapture.lnk
[2013/03/27 06:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/05/17 05:20:36 | 000,000,079 | ---- | C] () -- C:\Users\Rico\AppData\Local\CrystalDiskMark30.ini
[2012/01/01 09:55:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/01 09:55:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 16:46:23 | 000,000,013 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\urhtps.dat
[2010/09/26 07:06:18 | 000,000,996 | ---- | C] () -- C:\Windows\wiso.ini
[2009/11/20 17:16:33 | 000,004,096 | -H-- | C] () -- C:\Users\Rico\AppData\Local\keyfile3.drm
[2009/06/18 13:28:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/06/18 13:28:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/06/13 16:09:20 | 000,000,760 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\setup_ldm.iss
[2009/03/11 18:28:09 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2009/02/04 14:30:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2009/02/04 13:11:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/02/04 13:11:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/02/04 13:11:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/02/04 13:11:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/02/04 13:11:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/02/04 13:11:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/02/04 13:11:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/02/04 13:11:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/02/04 13:11:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/02/04 13:11:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/02/04 13:11:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/02/04 13:11:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/02/04 13:11:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/02/04 13:11:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/02/04 13:11:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/02/04 13:11:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/02/04 13:11:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/01/16 13:39:45 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/12/15 13:12:29 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/08 09:36:21 | 000,022,328 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\PnkBstrK.sys
[2008/12/08 09:36:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/12/08 09:36:04 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/12/08 09:36:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/10/22 00:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/17 09:11:06 | 000,000,043 | ---- | C] () -- C:\Windows\festo.ini
[2008/09/07 16:37:07 | 000,012,583 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\UserTile.png
[2008/09/07 08:58:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 06:35:00 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/31 13:00:34 | 000,000,680 | ---- | C] () -- C:\Users\Rico\AppData\Local\d3d9caps.dat
[2008/08/31 07:03:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/29 18:00:21 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2008/08/29 15:32:42 | 000,065,024 | ---- | C] () -- C:\Windows\IFinst26.exe
[2008/08/28 15:51:26 | 000,172,544 | ---- | C] () -- C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/28 13:19:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/24 15:52:43 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 06:15:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 06:13:09 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/07/24 06:11:28 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 06:11:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 06:11:28 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 06:11:28 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 06:08:01 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 06:08:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 06:08:01 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/07/24 06:03:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/24 06:01:50 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/24 06:01:48 | 000,245,436 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/07 23:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/05/07 23:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/05/07 23:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/05/07 23:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/05/07 14:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/07 14:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 04:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 04:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 04:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 04:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/26 02:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2013/03/27 06:45:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2009/03/11 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ableton
[2008/08/28 15:32:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer
[2008/05/07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Acer GameZone Console
[2013/01/25 11:26:32 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Amazon
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Autodesk
[2012/10/27 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\avidemux
[2010/09/26 07:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Buhl Data Service
[2011/01/30 07:35:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Cakewalk
[2012/05/07 10:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/12/24 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2009/01/07 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/05/09 10:38:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DataCast
[2012/09/10 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012/10/29 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DVDVideoSoft
[2012/01/01 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\elsterformular
[2009/02/07 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2013/04/22 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ICQ
[2008/09/21 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\InfraRecorder
[2008/08/30 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012/05/17 05:15:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\OpenCandy
[2008/09/07 16:37:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PeerNetworking
[2012/02/25 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Smart PDF Converter
[2009/01/04 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\SPORE
[2013/06/12 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Spotify
[2009/03/11 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Steinberg
[2012/04/15 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TeamViewer
[2011/12/29 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TuneUp Software
[2009/06/25 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ubisoft
[2012/02/25 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\UDC Profiles
[2008/09/08 11:09:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/11/06 12:53:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011/10/02 21:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2010/12/02 12:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest Bluetooth SDK
[2013/03/31 08:09:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2010/03/11 14:39:15 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2011/01/30 07:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Cakewalk
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/10/26 12:51:42 | 000,000,000 | ---D | M] -- C:\ProgramData\dvdfab
[2009/02/23 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012/04/04 11:00:34 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2011/02/06 15:40:13 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/07/24 06:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/05/07 13:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/05/19 08:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/04/13 16:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\IEConfiguration1und1
[2008/11/19 06:33:30 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2012/10/27 21:28:18 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2008/08/28 11:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2009/07/12 18:14:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Screentime
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 18:32:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Steinberg
[2009/03/11 18:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2009/06/25 17:58:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2008/08/28 11:39:07 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/29 19:47:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/02/04 13:24:36 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/08/28 10:33:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/25 22:08:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/02/22 16:08:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/05/07 13:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/12/29 19:42:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/06/11 20:57:50 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Extras2:
Code:

OTL Extras logfile created on: 6/17/2013 9:01:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.65 Gb Total Space | 22.83 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive D: | 465.70 Gb Total Space | 465.70 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 142.67 Gb Total Space | 110.04 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" %1
htmlfile [print] -- "D:\Anwendungen\Microsoft Office 2003\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Anwendungen\VLC-Player\vlc.exe --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{481C4C27-7A05-47D8-BACB-A3FDD3162D1B}" = Acer Crystal Eye Webcam 3.0.3.1
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.3.1
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAA 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2a
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 11.5.1.4843" = ElsterFormular-Upgrade
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"EPSON BX320FW Series" = EPSON BX320FW Series Printer Uninstall
"EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Benutzerhandbuch" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Handbuch
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Left 4 Dead_is1" = Left 4 Dead v1.0.0.5
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LManager" = Launch Manager
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SeriousSam2" = Serious Sam 2
"SONARLE_is1" = SONAR 6 LE
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"USB_AUDIO_DEusb-audio.deAlesis" = Alesis USB Audio driver
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.0.7.0
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Rico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Spotify" = Spotify
 
< End of report >


cosinus 17.06.2013 13:05

Does Safe Mode work?

guitarplayer 17.06.2013 13:28

No.
(Only the files get loaded, and then I get a black screen with a white mouse pointer.)

cosinus 17.06.2013 13:34

The same in normal mode?
If so, try opening Task Manager there via CTRL+ALT+DEL. Once it is open, please start Explorer via File => New Task => explorer.exe => OK; it is responsible for displaying your desktop as usual. Does that work?

guitarplayer 17.06.2013 13:39

In normal mode I also get the black screen with the mouse pointer, and after pressing the key combination CTRL+ALT+DEL nothing happens. No Task Manager. Everything stays black...

cosinus 17.06.2013 13:56

Please run another fix via OTLPE:

Code:

:OTL
O31 - SafeBoot: AlternateShell - cmd.exe
:Files
C:\Users\Rico\AppData\Roaming\skype.ini
C:\Users\Rico\AppData\Roaming\skype.dat
C:\ProgramData\vciwbphvqrcnodj
C:\Users\Rico\AppData\Roaming\.#
C:\Users\Rico\AppData\Roaming\5012
C:\Users\Rico\AppData\Roaming\5015
C:\Users\Rico\AppData\Roaming\kock
C:\Users\Rico\AppData\Roaming\UAs
C:\Users\Rico\AppData\Roaming\xmldm
C:\ProgramData\quqvouzquchmbyv


guitarplayer 17.06.2013 14:17

This is what the fix output:

Code:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\\AlternateShell deleted successfully.
========== FILES ==========
File\Folder C:\Users\Rico\AppData\Roaming\skype.ini not found.
File\Folder C:\Users\Rico\AppData\Roaming\skype.dat not found.
File\Folder C:\ProgramData\vciwbphvqrcnodj not found.
File\Folder C:\Users\Rico\AppData\Roaming\.# not found.
File\Folder C:\Users\Rico\AppData\Roaming\5012 not found.
File\Folder C:\Users\Rico\AppData\Roaming\5015 not found.
File\Folder C:\Users\Rico\AppData\Roaming\kock not found.
File\Folder C:\Users\Rico\AppData\Roaming\UAs not found.
File\Folder C:\Users\Rico\AppData\Roaming\xmldm not found.
File\Folder C:\ProgramData\quqvouzquchmbyv not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06182013_001020

After attempting a restart in Safe Mode, I again get only the black screen, and Ctrl+Alt+Del doesn't work either.

cosinus 17.06.2013 14:33

Maybe we'll see something with another tool:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

guitarplayer 17.06.2013 14:59


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-06-2013 01
Ran by SYSTEM on 18-06-2013 00:56:04
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show [3667968 2008-07-24] (Arachnoid Biometrics Identification Group Corp.)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [793096 2008-03-31] (Dritek System Inc.)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-28] (Acer Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot [296096 2012-10-05] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\n. ATTENTION! ====> ZeroAccess
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Rico\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Rico\...\Run: [EPSON Stylus Photo PX700W (Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_S9A46.tmp" /EF "HKCU" [x]
HKU\Rico\...\Run: [EPSON BX320FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE /FU "C:\Windows\TEMP\E_SB9FB.tmp" /EF "HKCU" [x]
HKU\Rico\...\Run: [Spotify Web Helper] "C:\Users\Rico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [x]
HKU\Rico\...\Run: [EPSON41B354 (Epson Stylus Office BX320FW)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGIE.EXE /FU "C:\Windows\TEMP\E_SBD68.tmp" /EF "HKCU" [ 2012-12-25] ()
HKU\Rico\...\Run: [Spotify] "C:\Users\Rico\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [ 2013-05-13] (Spotify Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech Setpoint 5.0\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech Setpoint 5.0\SetPoint II\SetpointII.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG)
S2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3517440 2008-07-24] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] ()
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-12-08] ()
S2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2008-12-08] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
S2 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-13] (mquadr.at softwareengineering und consulting gmbh)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 ALESIS_USB2; C:\Windows\System32\Drivers\alesis2u.sys [355840 2007-08-16] (Ploytec GmbH)
S3 ALESIS_USB2_A; C:\Windows\System32\drivers\alesis2a.sys [32256 2007-08-16] (Numark)
S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-07-24] (Alfa Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-18] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2008-05-30] (AuthenTec, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-27] (Avira Operations GmbH & Co. KG)
S2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-25] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-18] ()
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [36240 2007-07-17] (Logitech, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2008-09-07] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-27] (Avira GmbH)
S3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [18432 2006-11-23] (SIA Syncrosoft)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 Mstnkf32; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-18 00:56 - 2013-06-18 00:56 - 00000000 ____D C:\FRST
2013-06-14 22:50 - 2011-07-12 18:55 - 02237440 ___RA (OldTimer Tools) C:\OTLPE.exe
2013-06-14 15:46 - 2013-06-14 15:46 - 00000000 ____D C:\_OTL
2013-06-13 13:44 - 2013-06-17 17:04 - 00033760 ____A C:\Extras.Txt
2013-06-13 11:08 - 2013-06-17 17:05 - 00110076 ____A C:\OTL.Txt
2013-06-02 10:49 - 2013-06-02 10:49 - 00000664 ____A C:\Users\Rico\Desktop\FSCapture.lnk

==================== One Month Modified Files and Folders ========

2013-06-18 00:56 - 2013-06-18 00:56 - 00000000 ____D C:\FRST
2013-06-17 17:05 - 2013-06-13 11:08 - 00110076 ____A C:\OTL.Txt
2013-06-17 17:04 - 2013-06-13 13:44 - 00033760 ____A C:\Extras.Txt
2013-06-17 12:36 - 2008-07-24 02:16 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-06-17 12:36 - 2008-05-07 10:04 - 00000147 ____A C:\Windows\System32\agent.log
2013-06-14 15:46 - 2013-06-14 15:46 - 00000000 ____D C:\_OTL
2013-06-13 11:03 - 2013-03-27 02:43 - 00000000 ____D C:\users\Administrator
2013-06-13 11:03 - 2012-01-01 08:40 - 00000000 ____D C:\users\Mcx1
2013-06-13 11:03 - 2008-08-28 06:37 - 00000000 ____D C:\users\Rico
2013-06-13 02:00 - 2008-01-20 18:47 - 06773340 ____A C:\Windows\PFRO.log
2013-06-12 15:40 - 2008-07-24 01:56 - 01361581 ____A C:\Windows\WindowsUpdate.log
2013-06-12 15:33 - 2008-07-24 02:01 - 00245436 ____A C:\ProgramData\nvModes.dat
2013-06-12 15:33 - 2008-07-24 02:01 - 00245436 ____A C:\ProgramData\nvModes.001
2013-06-12 15:33 - 2008-07-24 02:01 - 00245436 ____A C:\ProgramData\Application Data\nvModes.dat
2013-06-12 15:33 - 2008-07-24 02:01 - 00245436 ____A C:\ProgramData\Application Data\nvModes.001
2013-06-12 15:31 - 2012-10-07 04:42 - 00000000 ____D C:\Users\Rico\AppData\Local\Spotify
2013-06-12 15:31 - 2012-10-07 04:40 - 00000000 ____D C:\Users\Rico\AppData\Roaming\Spotify
2013-06-12 14:52 - 2012-04-10 05:58 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 14:51 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 14:51 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 11:15 - 2008-09-07 05:00 - 00002513 ____A C:\Users\Rico\Desktop\Excel 2003.lnk
2013-06-12 06:41 - 2006-11-02 02:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 01:36 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 16:57 - 2008-07-24 02:03 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-11 16:57 - 2006-11-02 05:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-11 12:52 - 2012-04-10 05:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 12:52 - 2011-06-21 01:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 05:49 - 2008-09-07 05:01 - 00002481 ____A C:\Users\Rico\Desktop\Word 2003.lnk
2013-06-10 13:27 - 2008-08-28 08:15 - 00000000 ____D C:\Users\Rico\Documents\Bluetooth-Exchange-Ordner
2013-06-02 10:49 - 2013-06-02 10:49 - 00000664 ____A C:\Users\Rico\Desktop\FSCapture.lnk
2013-05-30 09:57 - 2006-11-02 04:52 - 00176429 ____A C:\Windows\setupact.log
2013-05-28 11:20 - 2010-10-18 04:13 - 00000000 ____D C:\Program Files\ElsterFormular
2013-05-26 11:06 - 2008-08-28 11:51 - 00172544 ____A C:\Users\Rico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\@
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\L
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\@
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\L
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3820418087-2374231721-3807486426-1000\$cced714b348e29baf6a11cacf2a4ea0f
C:\$Recycle.Bin\S-1-5-21-3820418087-2374231721-3807486426-1000\$cced714b348e29baf6a11cacf2a4ea0f\@
C:\$Recycle.Bin\S-1-5-21-3820418087-2374231721-3807486426-1000\$cced714b348e29baf6a11cacf2a4ea0f\L
C:\$Recycle.Bin\S-1-5-21-3820418087-2374231721-3807486426-1000\$cced714b348e29baf6a11cacf2a4ea0f\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\@
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\L
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\U

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-26 06:59:28
Restore point made on: 2013-05-27 06:39:42
Restore point made on: 2013-05-31 06:33:39
Restore point made on: 2013-06-01 16:52:48
Restore point made on: 2013-06-02 07:49:39
Restore point made on: 2013-06-03 05:03:13
Restore point made on: 2013-06-05 07:40:10
Restore point made on: 2013-06-06 04:09:26
Restore point made on: 2013-06-10 07:14:11
Restore point made on: 2013-06-10 08:01:51
Restore point made on: 2013-06-12 09:54:22
Restore point made on: 2013-06-12 15:33:00
Restore point made on: 2013-06-12 15:40:21

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4089.95 MB
Available physical RAM: 3560.52 MB
Total Pagefile: 3777.97 MB
Available Pagefile: 3623.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.02 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:25.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:110.03 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:0.71 GB) FAT32
Drive g: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 13124F9D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00BA3724)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-06-12 13:50

==================== End Of Log ============================

--- --- ---

cosinus 17.06.2013 15:02

Very bad news:

Quote:

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\@
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\L
C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\U
Your system doesn't just start, it is also infected with a nasty rootkit; I recommend a reinstallation.

Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, malware of this kind usually also has backdoor functionality, meaning it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does that mean for you now?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system that has been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation is left to us.

  • If you use this computer for online banking, for example, then you should at least have your bank change your password if you use an otherwise secure method such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

  • If you otherwise have sensitive data on your computer, then you should also think about how you deal with that, since practically "anyone" could have looked at it.
Let me know how you have decided.
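A check for the directory layout in the quoted finding, as an added example that is not part of the thread or of any tool used in it: it scans a path listing for a `$` plus 32 hex digit directory directly under a SID folder in `$Recycle.Bin` and reports whether the `@`, `L` and `U` children are present. The function name and the benign sample entries are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# <drive>:\$Recycle.Bin\<SID>\$<32 hex digits>[\<child>[\...]]
CONTAINER = re.compile(
    r"^(?P<root>[A-Za-z]:\\\$Recycle\.Bin\\(?P<sid>S-1-[0-9-]+)\\\$[0-9a-f]{32})"
    r"(?:\\(?P<child>[^\\]+))?(?:\\.*)?$",
    re.IGNORECASE,
)
# Child names shown in the quoted finding.
EXPECTED_CHILDREN = {"@", "L", "U"}

# The first four paths are the ones quoted in the post; the rest are
# constructed benign entries ($R.../$I... is how Vista names deleted files).
SAMPLE_LISTING = [
    r"C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f",
    r"C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\@",
    r"C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\L",
    r"C:\$Recycle.Bin\S-1-5-18\$cced714b348e29baf6a11cacf2a4ea0f\U",
    r"C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$RABC123.txt",
    r"C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$IABC123.txt",
    r"C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\desktop.ini",
]


def find_suspicious_containers(paths):
    """Group matching paths by container directory (hypothetical helper)."""
    hits = defaultdict(lambda: {"sid": None, "children": set()})
    for raw in paths:
        m = CONTAINER.match(raw.strip())
        if not m:
            continue  # ordinary recycle-bin content does not match
        entry = hits[m.group("root").lower()]  # Windows paths ignore case
        entry["sid"] = m.group("sid")
        if m.group("child"):
            entry["children"].add(m.group("child").upper())
    for info in hits.values():
        # True only when every child from the quoted finding is present.
        info["full_layout"] = EXPECTED_CHILDREN <= info["children"]
    return dict(hits)


if __name__ == "__main__":
    for root, info in find_suspicious_containers(SAMPLE_LISTING).items():
        print(root, info["sid"], sorted(info["children"]), info["full_layout"])
```

Run it over a listing taken from a boot environment such as the one used in this thread, since the warning above notes that this kind of malware can hide from the running operating system.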

guitarplayer 17.06.2013 15:02

I'm out and about for now; I'll be back at the computer this evening.
Just so you know.

Thank you for your efforts so far ;)

Hmm, that doesn't sound good at all :(

Would it at least be possible to rescue my data from the folders (c:/user/rico..)
before a reinstallation is due? That would be very important to me.

[Apart from statistical financial spreadsheets, I have not kept any account data or done online banking on the laptop]

And what about my data privacy? Are my passwords also visible 'in the open' somewhere in the system?

[18.06.2013 - 15:01]

Hello,

With the help of my brother (a computer science graduate) I have now been able to rescue my data using
the operating system 'ubuntu', which I booted from CD.

I will reinstall Windows Vista soon.
Are there any important tips regarding prevention and security for after reinstalling the operating system that you can give me along the way?

