
Log analysis and evaluation: 100 Euro Trojan WIN xp 64 bit

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.06.2012, 10:28 #1
Hilf noob
 
100 Euro Trojan WIN xp 64 bit



Hello

I got OTL PE to run, but it already shows errors during the scan.

OTLPE:OTLPE:exe -Bad Image

I created the log file after I kept clicking through the message.

INIT:

INITLOG

Date: Sun 06/24/2012
Time: 12:56:20.42

[RAM initialization]
- 12:56:20.43: Start
- ReFormated=true
- Compressed=false
- 12:56:20.45: Starting RAMDRV Data Transfer
- Decompressing 7z SFX: X:\SFX\profiles-7z.exe
- Decompressing 7z SFX: X:\SFX\shortcuts-7z.exe to "B:\Documents and Settings"
- Decompressing 7z SFX: "X:\SFX\commonappdata-7z.exe" to "B:\Documents and Settings\All Users\Application Data"
- 12:56:22.50: RamDrv Data transfer completed

[PnP Hardware Detection]
- 12:56:23.28 Start
Detection : basic
Detection Cmd : bartpe -pnp
- 12:56:24.01 Running "bartpe -pnp "
Found Device: PCI\VEN_10DE&DEV_0568&SUBSYS_82E81043&REV_A1\3&2411E6FE&0&0C
PCI standard RAM Controller
Found Device: PCI\VEN_10DE&DEV_0614&SUBSYS_14661462&REV_A2\4&3117C7BB&0&0080
No DriverNodes found for device.
Found Device: PCI\VEN_10DE&DEV_0751&SUBSYS_82E81043&REV_A1\3&2411E6FE&0&0A
PCI standard RAM Controller
Found Device: PCI\VEN_10DE&DEV_0752&SUBSYS_82E81043&REV_A1\3&2411E6FE&0&09
No DriverNodes found for device.
Found Device: PCI\VEN_10DE&DEV_0753&SUBSYS_82E81043&REV_A2\3&2411E6FE&0&0B
No DriverNodes found for device.
Found Device: PCI\VEN_10DE&DEV_0754&SUBSYS_82E81043&REV_A2\3&2411E6FE&0&00
PCI standard RAM Controller
Found Device: PCI\VEN_10DE&DEV_0760&SUBSYS_82E81043&REV_A2\3&2411E6FE&0&50
NVIDIA nForce Networking Controller
Found Device: PCI\VEN_10DE&DEV_0774&SUBSYS_82FE1043&REV_A1\3&2411E6FE&0&38
No DriverNodes found for device.
Found Device: USB\VID_1395&PID_0002&MI_00\6&39EAA8F8&0&0000
No DriverNodes found for device.
- 12:56:35.18 Completed

[Display Settings]
- Current Settings : [1024x768, 32 bits @ 1 Hz]
- Settings requested : [1024x768, 32 bits @ 85 Hz]
- No matching display mode found.
- Trying: qres.exe /x:1024 /y:768

[Networking]
- 12:56:37.23: Start

Use PENetCFG : false
Use NetConfig : false
Sharing : false
RAS Services : false
Wireless Services : false

- 12:56:37.35: Setting Computer Name (Reatogo, NONE)
- 12:56:37.93: Setting Administrator Pass
The command completed successfully.

- 12:56:38.53: Installing Tcp/Ip protocol
OK
- 12:56:42.04: Installing MSClient protocol
OK
- 12:56:43.82: Starting Tcp/IP service

The TCP/IP Protocol Driver service was started successfully.

OK
- 12:56:44.35: Starting DHCP service
The DHCP Client service is starting.
The DHCP Client service was started successfully.

OK
- 12:56:46.85: Starting NLA service
The Network Location Awareness (NLA) service is starting.
The Network Location Awareness (NLA) service was started successfully.

OK
- 12:56:49.04: Starting LMHOSTS service
The TCP/IP NetBIOS Helper service is starting.
The TCP/IP NetBIOS Helper service was started successfully.

OK
- 12:56:51.15 Network Configuration Completed
Fixing IE path in StartMenuInternet

[Shortcut Creation]
- 12:57:11.92: Begin
- 12:57:12.04: End

OTL:
OTL logfile created on: 6/24/2012 1:01:26 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Microsoft Windows XP Service Pack 2 (Version = 5.2.3790) - Type = SYSTEM
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.41 Gb Total Space | 20.95 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 477.42 Gb Free Space | 80.08% Space Free | Partition Type: NTFS
Drive E: | 47.00 Gb Total Space | 25.98 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive F: | 78.46 Gb Total Space | 76.35 Gb Free Space | 97.32% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 2.85 Gb Free Space | 76.46% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 09:15:02 | 000,185,856 | ---- | M] () [Auto] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/09 23:17:36 | 000,186,176 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc64.exe -- (NVSvc)
SRV:64bit: - [2007/02/18 11:01:10 | 000,659,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV:64bit: - [2007/02/17 01:05:28 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV:64bit: - [2007/02/17 00:59:48 | 000,113,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2007/02/17 00:56:32 | 000,231,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV:64bit: - [2007/02/17 00:55:42 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV:64bit: - [2007/02/17 00:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV:64bit: - [2007/02/17 00:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV:64bit: - [2007/02/17 00:53:58 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV:64bit: - [2007/02/17 00:41:30 | 000,794,112 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2007/02/17 00:40:04 | 000,160,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV:64bit: - [2007/02/17 00:40:04 | 000,160,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV:64bit: - [2007/02/17 00:38:26 | 000,057,344 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV:64bit: - [2007/02/17 00:17:20 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV:64bit: - [2007/02/17 00:17:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV:64bit: - [2007/02/17 00:03:14 | 000,285,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/17 00:03:10 | 001,051,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV:64bit: - [2005/03/25 04:00:00 | 000,049,664 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV:64bit: - [2005/03/25 04:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV:64bit: - [2005/03/25 04:00:00 | 000,031,744 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV:64bit: - [2005/03/25 04:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV:64bit: - [2005/03/25 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV:64bit: - [2005/03/25 04:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2012/06/19 13:44:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/03 05:42:46 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/28 00:24:54 | 001,148,632 | ---- | M] (Crawler.com) [Auto] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/02/28 11:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/14 10:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [Disabled] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/02/10 00:12:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/30 08:49:22 | 000,075,136 | ---- | M] () [Disabled] -- C:\WINDOWS\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/23 15:44:00 | 003,983,992 | ---- | M] (INCA Internet Co., Ltd.) [Disabled] -- C:\WINDOWS\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 09:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/06 08:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 08:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/07/25 05:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 14:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/18 09:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 09:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/24 13:21:10 | 006,640,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2011/02/12 16:02:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV:64bit: - [2010/06/23 12:44:41 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/18 02:19:00 | 001,801,304 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambft64.sys -- (Ambfilt64)
DRV:64bit: - [2009/11/18 02:17:00 | 001,861,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monft64.sys -- (Monfilt64)
DRV:64bit: - [2009/09/16 02:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/09/15 08:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/08/07 17:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/01/29 00:38:08 | 000,074,496 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV:64bit: - [2008/01/29 00:38:08 | 000,034,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV:64bit: - [2008/01/21 05:45:00 | 000,008,192 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/08/14 21:00:00 | 000,709,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV:64bit: - [2007/08/14 21:00:00 | 000,105,472 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2007/02/17 01:00:34 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV:64bit: - [2007/02/17 00:50:28 | 000,106,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV:64bit: - [2007/02/17 00:38:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV:64bit: - [2007/02/17 00:31:08 | 000,156,672 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV:64bit: - [2007/02/17 00:30:56 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV:64bit: - [2007/02/17 00:22:26 | 000,240,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV:64bit: - [2007/02/17 00:17:20 | 000,244,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV:64bit: - [2007/02/17 00:17:14 | 000,415,232 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV:64bit: - [2007/02/17 00:03:34 | 000,106,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV:64bit: - [2007/02/16 21:02:16 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV:64bit: - [2007/02/16 20:59:12 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV:64bit: - [2007/02/16 20:55:52 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV:64bit: - [2007/02/16 20:03:24 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV:64bit: - [2006/10/18 23:00:38 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2005/03/25 04:00:00 | 000,123,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV:64bit: - [2005/03/25 04:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (imapi)
DRV:64bit: - [2005/03/25 04:00:00 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV:64bit: - [2005/03/25 04:00:00 | 000,013,312 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cdad10ba.sys -- (CdaD10BA)
DRV:64bit: - [2005/03/25 04:00:00 | 000,013,312 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cdac15ba.sys -- (CdaC15BA)
DRV:64bit: - [2005/03/25 04:00:00 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV:64bit: - [2005/03/24 13:25:38 | 000,086,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV:64bit: - [2005/03/24 13:24:04 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV:64bit: - [2005/03/24 13:21:30 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV:64bit: - [2005/03/24 13:20:08 | 000,204,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV:64bit: - [2005/03/24 13:12:02 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV:64bit: - [2005/03/24 13:11:56 | 000,188,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2010/05/26 20:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2005/03/25 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SysWow64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=DE&userid=7116eef5-9d0d-44fa-a0ae-f691a2849749&searchtype=ds&q={searchTerms}
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=DE&userid=7116eef5-9d0d-44fa-a0ae-f691a2849749&searchtype=hp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=DE&userid=7116eef5-9d0d-44fa-a0ae-f691a2849749&searchtype=ds&q={searchTerms}
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=DE&userid=7116eef5-9d0d-44fa-a0ae-f691a2849749&searchtype=ds&q={searchTerms}
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEPEReOF&&i=26&search="
FF - prefs.js..network.proxy.http: "212.7.210.88"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\SysWOW64\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/13 10:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 05:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 05:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 15:46:58 | 000,000,000 | ---D | M]

[2011/01/01 20:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/06/14 08:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amaklac8.default\extensions
[2011/02/12 16:02:19 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amaklac8.default\searchplugins\daemon-search.xml
[2012/06/13 10:34:41 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amaklac8.default\searchplugins\MyStart Search.xml
[2012/04/20 16:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/10 11:50:58 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AMAKLAC8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/03 05:42:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/18 06:50:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/10 11:50:52 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/18 06:50:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/18 06:50:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/09 10:53:04 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/03/18 06:50:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/18 06:50:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/18 06:50:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2005/03/25 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
O4 - HKU\Administrator_ON_C..\Run: [yrisi.exe] C:\Documents and Settings\Administrator\Application Data\Lukyr\yrisi.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [tscuninstall] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [tscuninstall] File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [tscuninstall] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Application Data\Gslqicfa\povyjrvj.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/07 01:00:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b4ad3687-36a1-11e0-995f-00235482d525}\Shell - "" = AutoRun
O33 - MountPoints2\{b4ad3687-36a1-11e0-995f-00235482d525}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4ad3687-36a1-11e0-995f-00235482d525}\Shell\AutoRun\command - "" = G:\MLLaunch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 07:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Gslqicfa
[2012/06/21 09:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashStrike_at
[2012/06/19 18:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/06/19 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/06/16 17:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lukyr
[2012/06/16 17:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ifsozi
[2012/06/15 10:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\CCGold
[2012/06/15 10:27:17 | 000,000,000 | ---D | C] -- C:\Games
[2012/06/15 10:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2012/06/15 10:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/06/14 07:56:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/13 12:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/06/13 12:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileOpen
[2012/06/13 11:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ABBYY
[2012/06/13 11:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2012/06/13 11:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0
[2012/06/13 10:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ABBYY
[2012/06/13 10:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ABBYY
[2012/06/13 10:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Smartbar
[2012/06/13 10:41:27 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/13 10:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Scan2PDF
[2012/06/13 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scan2PDF
[2012/06/13 10:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scan2PDF
[2012/06/13 10:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/11 17:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Mana 32
[2012/06/11 17:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\BMW Treffen
[2012/06/11 06:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2012/06/07 07:00:02 | 000,044,032 | ---- | C] (Xifon) -- C:\Documents and Settings\Administrator\Desktop\MW3sa Reporting tool.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 05:48:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 05:48:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 07:13:22 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Gslqicfa\povyjrvj.exe
[2012/06/19 18:09:42 | 020,813,862 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nuddn.bmp
[2012/06/19 18:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/06/19 18:04:15 | 000,000,156 | ---- | M] () -- C:\WINDOWS\SysWow64\-1
[2012/06/18 19:32:34 | 000,001,478 | ---- | M] () -- C:\WINDOWS\basscad.ini
[2012/06/18 19:21:36 | 000,189,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\12W3_MAN.pdf
[2012/06/18 14:29:04 | 001,094,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MW3sa_reporting_tool(1).zip
[2012/06/17 20:00:02 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PRIVAT-MANA-Administrator.job
[2012/06/15 10:16:43 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Eusing Free Registry Cleaner.lnk
[2012/06/13 13:44:30 | 005,977,691 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Unbenannt 1.odt
[2012/06/13 12:57:55 | 001,520,361 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt-1.jpg
[2012/06/13 12:54:58 | 021,063,251 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt-1.psd
[2012/06/13 12:39:56 | 005,441,090 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt 1.odt
[2012/06/13 11:06:36 | 374,873,708 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012/06/13 10:35:28 | 000,118,916 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\alex.pdf
[2012/06/13 10:34:54 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/06/13 10:34:48 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2012/06/13 10:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scan2PDF
[2012/06/11 06:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2012/06/09 14:14:31 | 000,022,325 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uh44337,1289465820,22muffi_schlumpf.jpg
[2012/06/07 06:59:27 | 000,848,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MW3sa_reporting_tool.zip
[2012/06/03 10:57:50 | 000,044,032 | ---- | M] (Xifon) -- C:\Documents and Settings\Administrator\Desktop\MW3sa Reporting tool.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/19 18:09:41 | 020,813,862 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nuddn.bmp
[2012/06/19 18:04:14 | 000,000,156 | ---- | C] () -- C:\WINDOWS\SysWow64\-1
[2012/06/18 19:21:36 | 000,189,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\12W3_MAN.pdf
[2012/06/18 14:45:38 | 001,094,585 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MW3sa_reporting_tool(1).zip
[2012/06/15 10:16:43 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eusing Free Registry Cleaner.lnk
[2012/06/13 13:44:27 | 005,977,691 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Unbenannt 1.odt
[2012/06/13 12:57:49 | 001,520,361 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt-1.jpg
[2012/06/13 12:54:56 | 021,063,251 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt-1.psd
[2012/06/13 12:39:51 | 005,441,090 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Unbenannt 1.odt
[2012/06/13 11:01:47 | 374,873,708 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012/06/13 10:35:28 | 000,118,916 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\alex.pdf
[2012/06/13 10:34:53 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/06/13 10:34:48 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2012/06/09 14:14:31 | 000,022,325 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\uh44337,1289465820,22muffi_schlumpf.jpg
[2012/06/07 08:52:24 | 000,848,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MW3sa_reporting_tool.zip
[2012/03/09 04:41:33 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/02/03 16:01:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysWow64\rtvcvfw32.dll
[2011/12/14 11:59:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2011/10/06 15:46:42 | 000,001,478 | ---- | C] () -- C:\WINDOWS\basscad.ini
[2011/09/30 06:43:55 | 000,059,392 | R--- | C] () -- C:\WINDOWS\SysWow64\streamhlp.dll
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2011/09/16 12:18:57 | 000,006,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/09/02 05:43:08 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/08/28 05:57:34 | 011,165,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Sandra.mdb
[2011/08/25 10:00:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll
[2011/08/25 10:00:17 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll
[2011/08/25 10:00:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\UNRAR3.dll
[2011/08/25 10:00:17 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll
[2011/08/01 03:35:16 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\Exiferupdate.ini
[2011/07/13 13:15:35 | 000,000,103 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011/03/08 08:50:45 | 000,044,136 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2011/02/20 15:51:02 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll
[2011/02/16 08:27:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2010/12/01 09:13:04 | 000,008,832 | ---- | C] () -- C:\Program Files (x86)\MainTmp.RPT
[2010/07/17 11:02:38 | 000,000,213 | ---- | C] () -- C:\WINDOWS\SYNOP.INI
[2010/07/17 11:02:37 | 000,000,304 | ---- | C] () -- C:\WINDOWS\WDISPLAY.INI
[2010/06/28 13:57:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
[2010/06/23 13:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\Access.dat
[2010/06/16 15:50:39 | 000,000,307 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/06/08 19:14:10 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2010/06/08 19:14:10 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2010/06/07 10:00:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp
[2010/06/07 06:24:13 | 000,271,200 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2010/06/07 06:23:39 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2010/06/07 01:11:14 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/07 01:08:23 | 000,024,059 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/07 01:08:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2010/06/07 01:04:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 17:49:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/06 16:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/07 08:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2008/10/07 08:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2007/02/18 11:05:48 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 11:05:46 | 001,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 11:05:46 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 11:05:46 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 11:05:46 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 11:05:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 11:05:40 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 11:05:34 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 11:05:28 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 11:05:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 11:05:20 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 04:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2005/03/25 04:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 04:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 04:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 04:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll
[2005/03/25 04:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2005/03/25 04:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2005/03/25 04:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 04:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 04:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2005/03/25 04:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/03/25 04:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

========== LOP Check ==========

[2011/10/19 19:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple
[2010/06/08 09:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashampoo
[2011/05/07 04:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/10/10 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/06/17 13:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BOM
[2011/03/20 20:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Kanes Rache
[2011/03/10 20:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Tiberium Wars
[2011/10/30 11:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cyad
[2010/06/23 12:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/06/13 12:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Downloaded Installations
[2011/09/16 12:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2011/09/16 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2011/05/20 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EFSoftware
[2011/02/28 16:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\elsterformular
[2012/06/11 06:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2011/03/05 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Eumex 2220
[2012/06/13 12:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileOpen
[2011/12/14 14:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameScanner
[2012/06/22 07:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gslqicfa
[2011/09/02 05:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/10/09 19:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2012/06/22 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ifsozi
[2011/05/24 10:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\jpg-Illuminator
[2012/06/16 17:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lukyr
[2011/12/18 17:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2010/08/04 09:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2012/06/13 10:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Scan2PDF
[2012/04/20 16:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
[2011/09/30 06:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
[2012/04/23 13:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/04/03 10:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tunngle
[2011/10/29 15:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uqelox
[2012/04/03 08:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/08 09:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/09/30 06:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/10 11:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/02/29 10:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream
[2011/07/13 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2010/06/23 12:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/07/11 12:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2011/05/24 09:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/05 13:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eumex 2220
[2012/06/13 12:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/07 05:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameScanner
[2010/06/07 13:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011/05/16 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/02/29 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/20 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/08/25 10:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/30 06:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2010/06/23 13:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011/12/18 19:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebTemp
[2012/06/15 10:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/06/22 19:45:15 | 000,032,540 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========


< End of report >



I hope someone can help me with this. Many thanks in advance.
Best regards, Mana

Alt 28.06.2012, 10:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Does Safe Mode with Networking still work? With an internet connection?



Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode