100 Euro Trojaner als .exe Anhang per e-mail

Brummbär · 04.05.2012, 14:32

Ich habe gestern eine e-mail von cmontgomery@wispaninternet.com mit einer Rechnung von elektronikmax.de bekommen.

Im Anhang war eine .zip datei in der genauere Angaben zur Rechnung und Bestellung enthalten sein sollten :-( doch statt dessen hab ich eine .exe Datei geöffnet die mir das schöne Problem bescherte.

Konnte mich bisher gut durch da Forum durch erarbeiten und bin jetzt an der Stelle wo ich die beiden log-files posten soll :-)

Im vorraus bedanke ich mich schon mal für eure Hilfe

da meine OTL-Datei leider zu groß ist um sie als Anhang mitzuschicken poste Ich euch mal den Inhalt so .

OTL logfile created on: 5/4/2012 3:57:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 649.00 Mb Available Physical Memory | 68.00% Memory free
859.00 Mb Paging File | 726.00 Mb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 32.77 Gb Free Space | 43.98% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 775.40 Gb Free Space | 83.24% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NAV) -- C:\Programme\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SymIMMP) -- File not found
DRV - (SymIM) -- File not found
DRV - (smwdm) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MidiSyn) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20120314.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\VirusDefs\20120314.019\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\SymEFA.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\SymDS.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\Ironx86.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120202.002\IDSxpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20111201.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\SRTSPX.SYS (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1306020.00A\ccSetx86.sys (Symantec Corporation)
DRV - (LVUVC) Logitech Webcam 500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slnt7554) -- C:\WINDOWS\system32\drivers\slnt7554.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (ASInsHelp) -- C:\WINDOWS\system32\drivers\AsInsHelp32.sys ()
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Elisabeth_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/?a=1eynQojsgD7
IE - HKU\Elisabeth_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Elisabeth_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKU\Elisabeth_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Elisabeth_ON_C\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\Elisabeth_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Elisabeth_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Leser_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Leser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Manfred_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Programme\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/05/15 12:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Programme\AutocompletePro\support@predictad.com [2010/07/04 05:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/04 06:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/12/11 11:36:38 | 000,000,000 | ---D | M]

[2012/03/25 07:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/25 07:09:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/04 05:27:18 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012/05/04 06:10:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\mozilla firefox\plugins\npbittorrent.dll
[2003/07/09 16:57:40 | 000,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPJava11.dll
[2003/07/09 16:57:40 | 000,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPJava12.dll
[2003/07/09 16:57:40 | 000,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPJava13.dll
[2003/07/09 16:57:40 | 000,061,556 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPJava32.dll
[2003/07/09 16:57:40 | 000,061,553 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPJPI141_05.dll
[2003/07/09 16:57:40 | 000,061,557 | ---- | M] (JavaSoft / Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\NPOJI610.dll
[2006/07/31 11:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/01/14 10:53:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/14 10:53:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/14 10:53:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/14 10:53:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/14 10:53:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/14 10:53:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\Elisabeth_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKU\Elisabeth_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\Elisabeth_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Elisabeth_ON_C\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\Leser_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NAV] C:\Programme\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\19.6.2.10\InstStub.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [rundll32.exe] File not found
O4 - HKU\.DEFAULT..\Run: [WAB] File not found
O4 - HKU\Elisabeth_ON_C..\Run: [5C96A3D0] C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Hfvbnmplf\76E911E25C96A3D060D2.exe ()
O4 - HKU\Elisabeth_ON_C..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\Elisabeth_ON_C..\Run: [WAB] File not found
O4 - HKU\Leser_ON_C..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\Manfred_ON_C..\Run: [5C96A3D0] C:\WINDOWS\system32\586273575C96A3D03EF9.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Elisabeth_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Elisabeth_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Elisabeth_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Leser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Manfred_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_05-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\586273575C96A3D03EF9.exe) - C:\WINDOWS\system32\586273575C96A3D03EF9.exe ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/25 09:04:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/11 02:30:21 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 14:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 06:41:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Manfred\Eigene Dateien\Eigene Videos
[2012/05/04 06:41:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Manfred\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012/05/04 06:41:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Manfred\IETldCache
[2012/05/04 06:33:28 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/04 06:33:28 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/04 06:33:27 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2012/05/04 06:32:57 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\symtdi.sys
[2012/05/04 06:32:57 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\symtdiv.sys
[2012/05/04 06:32:57 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\symnets.sys
[2012/05/04 06:32:56 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymEFA.sys
[2012/05/04 06:32:56 | 000,574,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtsp.sys
[2012/05/04 06:32:56 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymDS.sys
[2012/05/04 06:32:56 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\Ironx86.sys
[2012/05/04 06:32:56 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\ccSetx86.sys
[2012/05/04 06:32:56 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtspx.sys
[2012/05/04 06:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2012/05/04 06:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1306020.00A
[2012/05/04 06:31:13 | 000,000,000 | ---D | C] -- C:\Programme\Norton AntiVirus
[2012/05/04 06:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton AntiVirus
[2012/05/04 06:26:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012/05/04 06:20:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Hfvbnmplf
[2012/05/04 06:18:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2012/05/04 06:18:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Elisabeth\Startmenü\Programme\WinRAR
[2012/05/04 06:10:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012/05/04 06:10:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/04/30 03:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Elisabeth\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2012/04/21 15:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\PriceGong
[2012/04/16 16:51:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Casino Action
[2012/04/15 13:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Elisabeth\Lokale Einstellungen\Anwendungsdaten\conduitEngine
[2012/04/15 12:19:15 | 000,000,000 | ---D | C] -- C:\Casino
[2006/04/20 05:44:39 | 002,349,704 | ---- | C] (WEB.DE GmbH) -- C:\Programme\SmartInstall_000000000000070_.exe
[2005/05/11 17:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 07:42:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/04 07:41:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/05/04 06:53:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/04 06:33:55 | 000,684,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\Cat.DB
[2012/05/04 06:33:28 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/04 06:33:28 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/04 06:33:28 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/04 06:33:28 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/04 06:33:21 | 000,001,849 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK
[2012/05/04 06:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton AntiVirus
[2012/05/04 06:19:53 | 000,102,912 | -H-- | M] () -- C:\WINDOWS\System32\586273575C96A3D03EF9.exe
[2012/05/04 06:18:37 | 000,000,688 | ---- | M] () -- C:\Dokumente und Einstellungen\Elisabeth\Desktop\WinRAR.lnk
[2012/05/04 06:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2012/05/03 23:52:20 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/05/03 23:41:54 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/05/03 23:27:28 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/03 23:26:12 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/03 23:23:16 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/03 23:20:38 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/03 14:00:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012/05/02 13:05:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/02 11:31:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 08:50:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/30 03:38:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/25 11:06:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/16 16:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Casino Action
[2012/04/15 12:19:21 | 000,000,667 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Casino Las Vegas.lnk
[2012/04/15 12:19:20 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Casino Las Vegas.lnk
[2012/04/14 18:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 06:33:31 | 000,684,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\Cat.DB
[2012/05/04 06:33:28 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/04 06:33:28 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/04 06:33:21 | 000,001,849 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK
[2012/05/04 06:32:36 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymNetV.inf
[2012/05/04 06:32:35 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymEFA.inf
[2012/05/04 06:32:35 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymDS.inf
[2012/05/04 06:32:35 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymNet.inf
[2012/05/04 06:32:35 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtspx.inf
[2012/05/04 06:32:34 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtsp.inf
[2012/05/04 06:32:34 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\ccSetx86.inf
[2012/05/04 06:32:34 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\Iron.inf
[2012/05/04 06:31:29 | 000,004,782 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymVTcer.dat
[2012/05/04 06:31:26 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\symnetv.cat
[2012/05/04 06:31:26 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymDS.cat
[2012/05/04 06:31:26 | 000,007,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\ccsetx86.cat
[2012/05/04 06:31:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymNet.cat
[2012/05/04 06:31:26 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\SymEFA.cat
[2012/05/04 06:31:26 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtspx.cat
[2012/05/04 06:31:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\srtsp.cat
[2012/05/04 06:31:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\iron.cat
[2012/05/04 06:31:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1306020.00A\isolate.ini
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/04 06:31:23 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/04 06:19:53 | 000,102,912 | -H-- | C] () -- C:\WINDOWS\System32\586273575C96A3D03EF9.exe
[2012/05/04 06:19:00 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Elisabeth\Desktop\WinRAR.lnk
[2012/04/30 03:38:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/30 03:38:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/15 12:19:20 | 000,000,667 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Casino Las Vegas.lnk
[2012/04/15 12:19:20 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Casino Las Vegas.lnk
[2012/02/15 12:15:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/27 15:15:55 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Elisabeth\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 05:58:34 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Elisabeth\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/12/24 17:41:44 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/04/01 10:41:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/04/01 10:37:45 | 000,070,720 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2010/03/19 09:49:29 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010/03/04 16:59:08 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/03/04 16:58:43 | 000,032,297 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/03/04 16:51:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010/03/04 16:28:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2010/03/04 16:28:10 | 000,002,079 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/03/04 16:27:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/03/04 16:22:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\bdadll.dll
[2010/01/14 16:47:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2009/12/27 11:26:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/12/27 11:26:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/12/27 11:26:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/12/27 11:26:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/12/27 08:25:55 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/11/29 09:47:04 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\319A812C0B.sys
[2009/11/29 09:47:03 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/11/29 09:32:53 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2009/11/29 09:32:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2009/11/29 09:22:50 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2009/11/29 09:22:47 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2009/11/29 09:22:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009/10/06 20:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/06 20:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/12 14:48:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/09/12 14:48:30 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/09/12 14:48:24 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/09/11 07:15:31 | 000,070,144 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2009/09/11 07:15:31 | 000,000,104 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2009/06/03 12:06:56 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/06/03 12:06:56 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/06/03 12:06:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/06/03 12:06:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/06/03 12:06:56 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/06/03 12:06:56 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/31 16:58:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/31 16:33:43 | 000,000,081 | RHS- | C] () -- C:\WINDOWS\FFSSET.BIN
[2009/05/31 16:24:27 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/05/31 16:23:09 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/30 16:03:56 | 000,005,041 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypkpiykb.yyr
[2009/05/30 16:03:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\IniFile1.ini
[2009/01/25 15:09:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/22 16:03:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/06 08:32:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/06 08:30:26 | 000,018,442 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2008/12/06 08:30:26 | 000,016,271 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/12/06 08:30:26 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/12/06 08:30:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/10/29 16:19:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll
[2008/10/29 14:22:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\sbinet.ini
[2008/10/29 14:22:01 | 000,000,026 | ---- | C] () -- C:\WINDOWS\skat24.ini
[2008/10/01 17:01:57 | 000,004,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Elisabeth\.plugin141_05.trace
[2008/09/11 16:54:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008/09/11 15:19:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/05/02 01:33:23 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Elisabeth\default.pls
[2008/04/22 15:49:21 | 000,000,929 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/21 14:07:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/07 22:21:15 | 000,003,210 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2007/09/23 12:11:51 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Manfred\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/09/23 11:46:28 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Leser\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/11/28 17:51:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/01 05:56:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/04/25 05:38:20 | 000,081,268 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2006/04/25 05:38:20 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2006/04/25 05:38:06 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/04/10 10:22:58 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/04/10 09:43:17 | 000,081,264 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2006/04/10 09:43:17 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2006/03/25 09:29:06 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/25 09:23:19 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2006/03/25 09:23:19 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2006/03/25 09:23:17 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2006/03/25 09:23:17 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2006/03/25 09:21:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/03/25 09:15:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/03/25 09:15:38 | 000,003,866 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/03/25 09:15:37 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/25 09:07:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/25 09:01:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/25 07:44:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/25 07:42:13 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,541,004 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,516,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,102,334 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,086,064 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/19 10:46:20 | 000,039,279 | R--- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 10:43:38 | 000,023,041 | R--- | C] () -- C:\WINDOWS\cmaudio.dat
[1997/08/04 05:17:56 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gf.dll
[1997/08/04 05:16:44 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gd.dll

========== LOP Check ==========

[2008/04/21 13:55:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\SmartSurfer
[2010/03/28 16:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\AskToolbar
[2011/03/23 14:26:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Coin
[2008/07/01 16:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\congstar WebRadio
[2008/10/29 09:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\DAEMON Tools
[2010/11/14 13:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\gemsweeperextractedgfx
[2012/05/04 06:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Hfvbnmplf
[2009/01/25 15:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\ICQ
[2008/07/24 18:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\ICQ Toolbar
[2009/05/15 18:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\IN-MEDIAKG
[2010/12/24 17:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Leadertech
[2009/05/31 16:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\MAGIX
[2011/03/23 14:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Nuok
[2012/04/21 15:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\PriceGong
[2010/09/27 07:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\QuickStoresToolbar
[2008/09/11 16:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Samsung
[2010/07/04 05:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\SchnellSchreiben
[2009/12/27 11:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Simply Super Software
[2008/04/28 08:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\SmartSurfer
[2010/11/21 17:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\TeamViewer
[2011/11/14 09:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\TIPP10
[2011/03/24 13:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\TuneUp Software
[2009/06/03 15:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Ulead Systems
[2009/07/22 12:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\UseNeXT
[2008/04/28 08:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\WEBDE
[2008/07/24 10:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\BitTorrent
[2008/08/30 07:17:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\DNA
[2008/07/24 12:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\ICQ
[2008/10/10 18:15:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\ICQ Toolbar
[2008/06/25 14:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\LimeWire
[2009/06/04 10:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\Ulead Systems
[2008/08/04 10:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leser\Anwendungsdaten\UseNeXT
[2008/04/28 06:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SmartSurfer
[2011/04/01 09:00:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2008/04/26 05:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\SmartSurfer
[2011/05/26 14:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\albelli photo book creator Extra
[2009/03/15 14:40:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009/08/01 12:40:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008/12/26 19:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2008/12/26 19:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2009/06/03 12:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2009/05/31 16:32:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010/11/14 13:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Meine Spiele
[2008/10/16 15:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS
[2008/10/16 14:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microgaming
[2009/06/26 08:04:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2012/05/04 06:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2011/02/27 15:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photo Notifier and Animation Creator
[2010/07/27 15:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoMail
[2009/06/05 12:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2009/12/27 11:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/04/12 10:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009/06/03 12:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2008/04/28 08:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEBDE
[2009/05/15 12:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/02/25 18:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011/03/24 13:21:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/27 11:23:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2012/05/04 06:53:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010/03/10 17:16:54 | 000,000,000 | ---D | M] -- C:\83fdfc6d140b5eb9073d4b5c
[2009/08/23 08:47:02 | 000,000,000 | ---D | M] -- C:\ae95c9bb4ae479d69659d81611b0fb
[2012/04/15 12:19:15 | 000,000,000 | ---D | M] -- C:\Casino
[2012/04/22 07:12:50 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2008/11/06 09:20:26 | 000,000,000 | ---D | M] -- C:\ConvertTemp
[2008/09/11 17:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010/03/04 16:48:45 | 000,000,000 | ---D | M] -- C:\Hauppauge
[2007/04/16 06:36:59 | 000,000,000 | ---D | M] -- C:\KAV
[2009/11/29 09:22:45 | 000,000,000 | ---D | M] -- C:\Kpcms
[2008/10/16 14:50:41 | 000,000,000 | ---D | M] -- C:\MicroGaming
[2009/05/30 16:06:41 | 000,000,000 | ---D | M] -- C:\Movavi Dateien
[2006/03/25 09:25:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/03/04 16:28:44 | 000,000,000 | ---D | M] -- C:\MyVideos
[2010/01/14 16:47:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/05/04 06:33:27 | 000,000,000 | R--D | M] -- C:\Programme
[2008/06/25 08:43:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009/06/03 12:09:15 | 000,000,000 | ---D | M] -- C:\SmartSound Software
[2012/05/04 06:30:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/04/30 03:38:03 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
[2006/04/20 05:44:39 | 002,349,704 | ---- | M] (WEB.DE GmbH) -- C:\Programme\SmartInstall_000000000000070_.exe
[1997/03/07 10:18:26 | 000,070,720 | ---- | M] () -- C:\Programme\UNWISE.EXE

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/23 11:23:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/23 11:23:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/23 11:23:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/23 11:23:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2005/04/27 23:22:40 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/25 08:41:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/03/25 08:41:19 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/03/25 08:41:18 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

Invalid Environment Variable: %USERPROFILE%\*.*

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

markusg · 04.05.2012, 14:46

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Manfred_ON_C..\Run: [5C96A3D0] C:\WINDOWS\system32\586273575C96A3D03EF9.exe ()
O4 - HKU\Elisabeth_ON_C..\Run: [5C96A3D0] C:\Dokumente und Einstellungen\Elisabeth\Anwendungsdaten\Hfvbnmplf\76E911E25C96A3D060D2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Elisabeth_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Elisabeth_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\586273575C96A3D03EF9.exe) - C:\WINDOWS\system32\586273575C96A3D03EF9.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

100 Euro Trojaner als .exe Anhang per e-mail

Log-Analyse und Auswertung: 100 Euro Trojaner als .exe Anhang per e-mail

100 Euro Trojaner als .exe Anhang per e-mail

100 Euro Trojaner als .exe Anhang per e-mail

Ähnliche Themen: 100 Euro Trojaner als .exe Anhang per e-mail