Log analysis and evaluation: GVU Trojan - safe mode does not start
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
GVU Trojan - safe mode does not start

Hey! I caught the GVU Trojan and have already read quite a bit about it here in the forum. Unfortunately, in safe mode my PC immediately shuts down again. As described in many other posts, I have created ISOBURN and an OTLPE CD. I have already booted from it and got C:\OTL.Txt. What do I do next? It would be really nice if you could help.

OTL logfile created on: 11/26/2013 4:25:58 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.10.9200.16736) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS Drive D: | 931.41 Gb Total Space | 765.80 Gb Free Space | 82.22% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: Reatogo | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2013/11/20 17:46:20 | 000,061,540 | ---- | M] (Microsoft Corporation) [Auto] -- D:\ProgramData\j3rjrjhd.pss -- (Winmgmt) SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem) BonanzaDealsLive-Dienst (bonanzadealslivem) SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive) BonanzaDealsLive-Dienst (bonanzadealslive) SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/10/17 12:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012/07/20 18:04:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/12/20 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/12/20 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/05/04 05:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) 
========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/05 15:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/10/17 12:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012/10/17 12:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr) DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/31 12:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/06/09 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/24 03:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/02/24 03:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 09:34:26 | 000,056,344 | ---- 
| M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=3C8714DAE9D63517&affID=125035&tsp=5030 IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 68 51 8A 52 93 CC 01 [binary data] IE - HKU\Benutzer01_ON_D\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. 
File not found IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/25 15:39:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Benutzer01\AppData\Roaming\14001.019 [2012/08/30 10:49:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/25 15:17:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Extensions [2013/10/09 08:01:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions [2013/10/09 08:01:31 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2013/07/30 14:05:20 | 000,000,000 | ---D | M] (Delta Toolbar) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\ffxtlbr@delta.com [2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\babylon.xml [2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- 
D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\BrowserProtect.xml [2013/04/05 16:02:25 | 000,001,294 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\delta.xml [2011/10/25 16:11:47 | 000,002,378 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\search.xml [2013/10/09 07:57:50 | 000,001,302 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\searchgol.xml [2012/11/03 13:13:58 | 000,003,915 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\sweetim.xml [2012/05/03 03:11:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- [2012/09/25 15:39:09 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/08/30 10:49:54 | 000,000,000 | ---D | M] (Java Link Helper) -- D:\USERS\BENUTZER01\APPDATA\ROAMING\14001.019 [2012/07/20 18:04:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/09 11:15:59 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/04/05 16:02:14 | 000,006,469 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/06/09 11:15:59 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/09 11:15:59 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/09 11:15:59 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/09 11:15:59 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/09 11:15:59 | 
000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - D:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - D:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\Benutzer01_ON_D\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] File not found O4 - HKU\Benutzer01_ON_D..\Run: [iPhone PC Suite] File not found O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk () O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/11/25 17:22:30 | 000,060,528 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\ejbeb8z.pss [2013/11/25 17:22:27 | 000,188,928 | ---- | C] (Корпорация Майкрософт) -- D:\ProgramData\z8bebje.dss [2013/11/24 14:51:43 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\Sedcard Fragezeichen [2013/11/23 11:45:51 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\zz [2013/11/22 16:25:20 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\gute 
[2013/11/20 17:46:20 | 000,061,540 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\j3rjrjhd.pss [2013/11/13 14:14:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll [2013/11/13 14:14:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll [2013/11/13 14:14:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll [2013/11/13 14:14:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll [2013/11/13 14:14:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe [2013/11/13 14:14:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/11/13 14:14:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll [2013/11/13 14:14:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll [2013/11/13 14:14:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe [2013/11/13 14:14:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll [2013/11/13 14:14:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll [2013/11/13 14:14:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll [2013/11/13 14:14:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll [2013/11/13 14:14:24 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll [2013/11/13 14:14:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll [2013/11/13 14:14:23 | 003,959,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll [2013/11/13 14:14:23 | 002,877,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll [2013/11/13 13:23:58 | 000,830,464 | ---- | C] (Microsoft Corporation) -- 
D:\Windows\System32\nshwfp.dll [2013/11/13 13:23:58 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll [2013/11/13 13:23:58 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL [2013/11/13 13:23:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL [2013/11/13 13:23:55 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll [2013/11/13 13:23:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll [2013/11/13 13:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll [2013/11/13 13:23:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll [2013/11/13 13:23:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll [2013/11/13 13:23:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll [2013/11/13 13:23:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll [2013/11/13 13:23:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll [2013/11/13 13:23:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll [2013/11/13 13:23:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll [2013/11/13 13:23:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll [2013/11/13 13:23:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll [2013/11/13 13:23:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll [2013/11/13 13:23:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll [1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] [1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> 
D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/11/26 10:02:24 | 095,025,368 | ---- | M] () -- D:\ProgramData\ejbeb8z.bxx [2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [2013/11/26 10:00:07 | 000,000,000 | ---- | M] () -- D:\ProgramData\ejbeb8z.fvv [2013/11/26 10:00:00 | 000,001,114 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [2013/11/26 09:59:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013/11/26 09:59:41 | 3151,405,056 | -HS- | M] () -- D:\hiberfil.sys [2013/11/26 09:44:34 | 000,001,118 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/26 07:06:07 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821} [2013/11/26 06:58:49 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E} [2013/11/26 06:56:39 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F} [2013/11/25 17:22:30 | 000,060,528 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\ejbeb8z.pss [2013/11/25 17:22:29 | 000,001,033 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk [2013/11/25 17:22:27 | 000,188,928 | ---- | M] (Корпорация Майкрософт) -- D:\ProgramData\z8bebje.dss [2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\tasks\DigitalSite.job [2013/11/25 08:26:41 | 000,000,097 | ---- | M] () 
-- D:\Users\Benutzer01\AppData\Roaming\WB.CFG [2013/11/25 08:26:41 | 000,000,006 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT [2013/11/20 18:05:50 | 095,025,368 | ---- | M] () -- D:\ProgramData\j3rjrjhd.bxx [2013/11/20 17:55:00 | 000,001,011 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk [2013/11/20 17:51:11 | 000,000,000 | ---- | M] () -- D:\ProgramData\j3rjrjhd.fvv [2013/11/20 17:48:07 | 000,000,285 | ---- | M] () -- D:\ProgramData\j3rjrjhd.reg [2013/11/20 17:46:20 | 000,061,540 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\j3rjrjhd.pss [2013/11/20 17:42:31 | 000,664,764 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2013/11/20 17:42:31 | 000,624,946 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2013/11/20 17:42:31 | 000,134,932 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2013/11/20 17:42:31 | 000,110,584 | ---- | M] () -- D:\Windows\System32\perfc009.dat [1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] [1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/26 07:06:07 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821} [2013/11/26 06:58:49 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E} [2013/11/26 06:56:39 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F} [2013/11/25 17:22:29 | 000,001,033 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk [2013/11/25 17:22:28 | 095,025,368 | ---- | C] () -- D:\ProgramData\ejbeb8z.bxx [2013/11/25 17:22:28 | 000,000,000 | ---- | C] () -- D:\ProgramData\ejbeb8z.fvv [2013/11/20 17:47:38 | 000,000,285 | ---- | C] () -- D:\ProgramData\j3rjrjhd.reg [2013/11/20 17:46:19 | 
000,001,011 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk
[2013/11/20 17:46:19 | 000,000,000 | ---- | C] () -- D:\ProgramData\j3rjrjhd.fvv
[2013/11/20 17:46:18 | 095,025,368 | ---- | C] () -- D:\ProgramData\j3rjrjhd.bxx
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\ProgramData\Digital Light
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Devices
[2013/10/17 16:56:20 | 000,000,020 | -H-- | C] () -- D:\ProgramData\PKP_DLbz.DAT
[2013/10/17 16:56:19 | 000,000,098 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\fusioncache.dat
[2013/10/17 16:50:43 | 001,554,702 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 08:56:04 | 000,000,097 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG
[2013/10/09 08:56:04 | 000,000,006 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
[2013/09/28 12:30:31 | 000,033,289 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\recently-used.xbel
[2013/02/17 06:29:23 | 000,089,092 | ---- | C] () -- D:\Windows\War3Unin.dat
[2012/09/15 19:36:34 | 000,065,536 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\v4gejj7m.default.dat
[2012/08/31 15:47:42 | 000,198,200 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\AcroIEHelpe205.dll
[2012/08/23 09:00:53 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe197.dll
[2012/08/17 11:03:59 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe194.dll
[2012/08/15 12:02:05 | 000,000,047 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\urhtps.dat
[2012/08/03 17:07:26 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012/07/04 17:43:13 | 004,503,728 | ---- | C] () -- D:\ProgramData\l_u0_0.pad
[2012/04/24 06:10:45 | 000,005,120 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 07:34:43 | 000,000,600 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\winscp.rnd
[2011/10/21 11:07:20 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/10/21 11:07:20 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 11:03:51 | 000,043,765 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/10/21 11:02:38 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/10/21 11:02:35 | 000,029,852 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/31 12:51:16 | 000,216,000 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 12:46:00 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/09/06 06:59:27 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\Implode.dll

========== LOP Check ==========
[2012/10/13 09:56:42 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/25 15:38:53 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software
[2013/04/05 15:48:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/10/09 07:57:03 | 000,000,000 | ---D | M] -- D:\ProgramData\BonanzaDealsLive
[2013/07/29 10:54:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco
[2013/07/30 14:04:10 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/11/12 08:07:32 | 000,000,000 | ---D | M] -- D:\ProgramData\PC SUITE
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/11/03 13:14:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/10/17 16:56:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Track Settings
[2013/07/30 14:04:19 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2011/10/25 15:43:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/12 17:43:26 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/10/25 15:39:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/07/30 14:04:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\Tasks\DigitalSite.job
[2013/11/03 06:02:06 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013/09/28 11:16:07 | 003,418,240 | ---- | C] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3
[2013/08/31 08:09:50 | 003,418,240 | ---- | M] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3

< End of report >