
Pests of all kinds and how to fight them: 100€ PaysafeCard payment for copyright infringement

06.06.2013, 11:03   #1
Sniperwurst

Hello everyone,

I was surfing a bit on my laptop when a page opened saying that I had violated something!!
Now my question is: is this notice really genuine, or is it a Trojan that has to be fought??

I see that I am not the only one!!

http://www.trojaner-board.de/111529-...rrorismus.html

http://www.trojaner-board.de/111495-...ard-100-a.html

Like the others, I am supposed to pay 100€ via Paysafecard, otherwise it will be made very public after 72 hours!!

Please help quickly!!

Kind regards
Sniperwurst

06.06.2013, 11:05   #2
markusg
/// Malware-holic

Hi,
can you get to a PC with a burner?
Download:
ISO Burner - Download - Filepony
ISO Burner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
Post both logs

06.06.2013, 11:15   #3
Sniperwurst

OK, all clear, I will do that, but once more for dummies!

So this is a Trojan and nothing real for which I have to pay these 100€????

And if it is a Trojan, what effects does it have??

Regards, Sniperwurst

06.06.2013, 11:18   #4
markusg
/// Malware-holic

What effects it has, you can see on your screen :-)
What else is on the PC, I will see after the log.

06.06.2013, 12:25   #5
Sniperwurst

So, for some reason I can't boot the burned CD! But it may also be that I just don't know how!
And when I try to start in safe mode, it shuts the laptop down again right away!
Seems this one is a bit nastier, right?

06.06.2013, 12:28   #6
markusg
/// Malware-holic

Did you change the boot order? Can the CD be started on another PC? If you can't get that to work, you should perhaps find someone to help you with the burning.
And I can only say, hands off sites like kinox.to, porn sites etc.; this is your second infection in less than a month, you should reconsider your surfing habits :-)

06.06.2013, 12:55   #7
Sniperwurst

Yep! I'll let you know when I have the log file!

So, I have now got as far as opening OTLPE, but now it says "choose windows directory"!!

Which one do I have to pick?
RAMDisk (B:)
System-reserviert (C:)
Local Disk (E:)
Daten (F:)

07.06.2013, 14:01   #8
Sniperwurst

So, here is the log file from OTLPE

OTL Logfile:
Code:
OTL logfile created on: 6/7/2013 5:35:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.28 Mb Free Space | 74.28% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 481.25 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive F: | 48.73 Gb Total Space | 3.74 Gb Free Space | 7.68% Space Free | Partition Type: NTFS
Drive G: | 249.26 Gb Total Space | 21.31 Gb Free Space | 8.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/23 14:30:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:43:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 07:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- F:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/30 11:19:30 | 000,296,448 | ---- | M] () [Auto] -- F:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/01/09 12:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto] -- F:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 12:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto] -- F:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/29 09:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/07/27 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/25 07:59:44 | 000,075,136 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/25 12:41:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 17:34:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- F:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/05 10:02:16 | 003,453,440 | ---- | M] (Egis Technology Inc.) [Auto] -- F:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/04/29 20:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- F:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/06/13 18:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto] -- F:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/07/25 12:41:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/25 12:41:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/07 11:27:00 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/15 02:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand] -- F:\Windows\System32\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2010/03/11 05:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/09/19 00:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/19 00:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2009/09/19 00:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/22 23:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/07 19:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/30 15:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/29 20:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- F:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 07:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 07:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/03/28 01:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- F:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/09 11:38:48 | 000,015,656 | ---- | M] () [Kernel | Auto] -- F:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008/07/26 17:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand] -- F:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 77 46 F9 20 1C CC 01  [binary data]
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=fb9c5ef6-ae1c-446f-ba3e-c6393e9d6741&searchtype=ds&q={searchTerms}
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..backup.old.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultenginenameS: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.1S: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineS: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 10:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/20 16:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 14:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/02 10:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/05/15 14:26:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2010/12/18 12:36:01 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/15 14:26:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/27 09:50:48 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions
[2013/05/21 15:04:17 | 000,000,000 | ---D | M] (Flagfox) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/10/11 08:07:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/05/27 09:55:11 | 000,000,000 | ---D | M] (HomeTab) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
[2013/01/05 15:16:37 | 000,000,000 | ---D | M] (FoxTab) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\addon@foxtab.com
[2012/07/04 14:35:08 | 000,000,000 | ---D | M] (Yontoo) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\plugin@yontoo.com
[2013/06/02 01:19:55 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-1.xml
[2012/07/04 14:35:42 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-10.xml
[2012/06/29 06:39:27 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-11.xml
[2012/02/23 13:00:43 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-12.xml
[2012/07/30 12:11:22 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-13.xml
[2012/09/02 05:05:32 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-14.xml
[2012/09/07 07:15:25 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-15.xml
[2012/01/18 14:25:39 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-2.xml
[2011/08/18 06:36:05 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-3.xml
[2011/08/25 06:23:11 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-4.xml
[2011/09/06 23:52:38 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-5.xml
[2011/09/09 03:33:22 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-6.xml
[2011/10/07 12:39:10 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-7.xml
[2011/11/08 11:26:48 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-8.xml
[2012/02/03 11:32:11 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-9.xml
[2011/06/26 13:16:41 | 000,001,056 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin.xml
[2012/07/04 14:35:43 | 000,002,305 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\Search.xml
[2013/05/27 09:50:42 | 000,003,307 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\Web Search.xml
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 01:58:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 01:58:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (Default) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
() (No name found) -- F:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZTHDCB2.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 11:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- F:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/02 10:56:17 | 000,129,176 | ---- | M] (RealPlayer) -- F:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013/05/27 09:50:42 | 000,003,307 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - No CLSID value found.
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - F:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (FoxTab) - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - F:\Users\*****\AppData\LocalLow\FoxTab\IE\FoxTab.dll (The FoxTab Team)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - F:\Users\*****\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - F:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - F:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - F:\Users\*****\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] F:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\*****_ON_F..\Run: [BatteryCare] F:\Program Files (x86)\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
O4 - HKU\*****_ON_F..\Run: [LeechGet]  File not found
O4 - HKU\*****_ON_F..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8:64bit: - Extra context menu item: Mit dem LeechGet Wizard laden - F:\Program Files (x86)\LeechGet 2009\Wizard.html ()
O8:64bit: - Extra context menu item: Mit LeechGet herunterladen - F:\Program Files (x86)\LeechGet 2009\AddUrl.html ()
O8:64bit: - Extra context menu item: Mit LeechGet parsen - F:\Program Files (x86)\LeechGet 2009\Parser.html ()
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - F:\Program Files (x86)\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: Mit LeechGet herunterladen - F:\Program Files (x86)\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Mit LeechGet parsen - F:\Program Files (x86)\LeechGet 2009\Parser.html ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - *****_ON_F\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\tolg.bat) - F:\ProgramData\tolg.bat ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\*****_ON_F Winlogon: Shell - (Explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - F:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\spba: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05e61786-45e8-11e1-a405-00238b163375}\Shell - "" = AutoRun
O33 - MountPoints2\{05e61786-45e8-11e1-a405-00238b163375}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - F:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Dvdtwain - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - F:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - F:\Windows\PLFSetI.exe ()
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - F:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - F:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: VitaKeyPdtWzd - hkey= - key= - F:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
MsConfig:64bit - State: "startup" - 2
MsConfig:64bit - State: "bootini" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/06 14:08:41 | 000,000,000 | ---D | C] -- F:\Kaspersky Rescue Disk 10.0
[2013/06/06 05:34:16 | 000,124,928 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\glot.dat
[2013/06/06 05:34:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/06/05 15:05:31 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{CF6D5BD2-79D0-40D1-84A1-FBD43B7A7BEE}
[2013/06/04 14:53:33 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{C7376CE6-6F79-4341-8C98-C5A745249372}
[2013/06/04 01:34:57 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{FB75E28D-8EB2-4350-A185-EDB60366246C}
[2013/06/03 13:19:29 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{EFD980F8-8498-4DF7-9DBB-9999EB894DAD}
[2013/06/03 01:19:06 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{93F77A7B-8DE3-4F5E-90EE-0662394E53A0}
[2013/06/02 12:36:34 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{313F8450-29E4-4C5A-AB43-7F17EF5002B9}
[2013/06/01 18:27:52 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{9CC9522F-4F8D-4A01-A2C1-3AF99219C923}
[2013/06/01 06:10:48 | 000,000,000 | ---D | C] -- F:\Users\*****\Desktop\DVD-R
[2013/05/31 16:47:49 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{5D48A486-E199-4191-A978-A03FCACAFEC0}
[2013/05/30 03:33:34 | 001,054,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/30 03:33:34 | 000,226,304 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/30 03:33:34 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\elshyph.dll
[2013/05/30 03:33:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msls31.dll
[2013/05/30 03:33:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 03:33:33 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/30 03:33:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 03:33:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/30 03:33:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/30 03:33:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/30 03:33:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msrating.dll
[2013/05/30 03:33:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iexpress.exe
[2013/05/30 03:33:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wextract.exe
[2013/05/30 03:33:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 03:33:33 | 000,125,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\occache.dll
[2013/05/30 03:33:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iepeers.dll
[2013/05/30 03:33:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 03:33:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/30 03:33:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inseng.dll
[2013/05/30 03:33:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2013/05/30 03:33:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 03:33:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\pngfilt.dll
[2013/05/30 03:33:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmler.dll
[2013/05/30 03:33:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\imgutil.dll
[2013/05/30 03:33:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 03:33:32 | 001,441,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 03:33:32 | 001,400,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 03:33:32 | 001,400,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/30 03:33:32 | 000,905,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/30 03:33:32 | 000,762,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/30 03:33:32 | 000,629,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 03:33:32 | 000,452,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/30 03:33:32 | 000,441,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/30 03:33:32 | 000,361,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\html.iec
[2013/05/30 03:33:32 | 000,357,888 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtmsft.dll
[2013/05/30 03:33:32 | 000,281,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/30 03:33:32 | 000,235,008 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/30 03:33:32 | 000,232,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2013/05/30 03:33:32 | 000,226,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtrans.dll
[2013/05/30 03:33:32 | 000,216,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/30 03:33:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/30 03:33:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/30 03:33:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\icardie.dll
[2013/05/30 03:33:32 | 000,069,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\icardie.dll
[2013/05/30 03:33:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/30 03:33:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\tdc.ocx
[2013/05/30 03:33:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/30 03:33:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/30 03:33:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/30 03:33:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/30 03:33:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\licmgr10.dll
[2013/05/30 03:33:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/30 03:33:31 | 001,509,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/30 03:33:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/30 03:33:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/30 03:33:31 | 000,599,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/30 03:33:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/30 03:33:31 | 000,173,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/30 03:33:31 | 000,167,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/30 03:33:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\occache.dll
[2013/05/30 03:33:31 | 000,144,896 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/30 03:33:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/30 03:33:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/30 03:33:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/30 03:33:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/30 03:33:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2013/05/30 03:33:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/30 03:33:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\tdc.ocx
[2013/05/30 03:33:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/30 03:33:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/30 03:33:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/30 03:33:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/30 03:33:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshta.exe
[2013/05/30 03:33:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/28 01:23:12 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{00843B58-8D0D-4E4C-9F42-0BF228FCB07C}
[2013/05/26 07:56:15 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{19E09898-F62E-42D4-A70F-1BB5964EDEB3}
[2013/05/24 14:57:49 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{A2200BC2-173F-4321-87B8-A9D941E9F7E9}
[2013/05/24 01:58:34 | 000,000,000 | -HSD | C] -- F:\Config.Msi
[2013/05/23 14:30:36 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox
[2013/05/23 01:45:34 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{0F67ABEF-8B1F-4C97-B9AF-77C4CB53794B}
[2013/05/19 05:46:58 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{AB07E5C9-0756-4E1E-ADA6-9B6C3F556BEA}
[2013/05/18 09:34:02 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{4EB15B87-D09F-46A4-9D6A-6D6D06AD9255}
[2013/05/17 14:09:12 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{51F7C562-0ED0-46D1-8D52-5552CE1F4771}
[2013/05/16 16:20:17 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{6B8EC0F1-6758-448B-9C02-5BEAD7003D54}
[2013/05/15 09:44:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 09:44:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdd.dll
[2013/05/15 09:44:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/15 09:44:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\shdocvw.dll
[2013/05/15 09:44:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\authui.dll
[2013/05/15 09:44:12 | 000,111,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/05/15 09:44:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wwanprotdim.dll
[2013/05/14 01:06:38 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{F93FD928-D108-49A1-86ED-A39CA8893ED9}
[2013/05/13 18:15:19 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{2768ABBB-5A41-42AE-A5C0-AE1135D418E9}
[2013/05/12 14:14:17 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{9DF15C58-DAAB-41F3-8B11-E5A0B8F10E19}
[2013/05/09 07:47:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Users\*****\Desktop\OTL.exe
[2 F:\Users\*****\Desktop\*.tmp files -> F:\Users\*****\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/06 13:09:55 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/06/06 13:09:31 | 095,023,320 | ---- | M] () -- F:\ProgramData\tolg.pad
[2013/06/06 13:09:18 | 000,002,621 | ---- | M] () -- F:\ProgramData\tolg.js
[2013/06/06 13:09:07 | 000,001,104 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 13:08:39 | 000,000,388 | -H-- | M] () -- F:\Windows\tasks\{C6688CF8-E8EC-479A-B410-D0D5CAC32B21}.job
[2013/06/06 13:06:45 | 3217,182,720 | -HS- | M] () -- F:\hiberfil.sys
[2013/06/06 07:09:21 | 000,000,000 | ---- | M] () -- F:\Users\*****\AppData\Roaming\skype.ini
[2013/06/06 05:47:20 | 000,013,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 05:47:20 | 000,013,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 05:43:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/06 05:34:34 | 000,001,023 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | M] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | M] () -- F:\ProgramData\tolg.bat
[2013/06/06 05:34:16 | 000,124,928 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\glot.dat
[2013/06/06 05:34:16 | 000,044,544 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/06/06 05:24:00 | 000,001,120 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4142259043-113316378-2562792309-1000UA.job
[2013/06/06 05:24:00 | 000,001,068 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4142259043-113316378-2562792309-1000Core.job
[2013/06/06 05:10:00 | 000,001,108 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 04:00:18 | 000,343,557 | ---- | M] () -- F:\Users\*****\Desktop\43364[1].jpg
[2013/06/06 03:43:59 | 000,328,675 | ---- | M] () -- F:\Users\*****\Desktop\43358[1].jpg
[2013/06/06 03:42:21 | 000,179,081 | ---- | M] () -- F:\Users\*****\Desktop\43356[1].jpg
[2013/06/05 15:03:58 | 000,001,049 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/30 03:33:34 | 001,054,720 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/30 03:33:34 | 000,226,304 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/30 03:33:34 | 000,185,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\elshyph.dll
[2013/05/30 03:33:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msls31.dll
[2013/05/30 03:33:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 03:33:33 | 002,877,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/30 03:33:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 03:33:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/30 03:33:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/30 03:33:33 | 000,391,168 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/30 03:33:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msrating.dll
[2013/05/30 03:33:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iexpress.exe
[2013/05/30 03:33:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\wextract.exe
[2013/05/30 03:33:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 03:33:33 | 000,125,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\occache.dll
[2013/05/30 03:33:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iepeers.dll
[2013/05/30 03:33:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 03:33:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/30 03:33:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\inseng.dll
[2013/05/30 03:33:33 | 000,079,872 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2013/05/30 03:33:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 03:33:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\pngfilt.dll
[2013/05/30 03:33:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmler.dll
[2013/05/30 03:33:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\imgutil.dll
[2013/05/30 03:33:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 03:33:32 | 001,441,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 03:33:32 | 001,400,416 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 03:33:32 | 001,400,416 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/30 03:33:32 | 000,905,728 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/30 03:33:32 | 000,762,368 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/30 03:33:32 | 000,629,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 03:33:32 | 000,452,096 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/30 03:33:32 | 000,441,856 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/30 03:33:32 | 000,361,984 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\html.iec
[2013/05/30 03:33:32 | 000,357,888 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtmsft.dll
[2013/05/30 03:33:32 | 000,281,600 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/30 03:33:32 | 000,235,008 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/30 03:33:32 | 000,232,960 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2013/05/30 03:33:32 | 000,226,816 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtrans.dll
[2013/05/30 03:33:32 | 000,216,064 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/30 03:33:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/30 03:33:32 | 000,089,600 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/30 03:33:32 | 000,081,408 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\icardie.dll
[2013/05/30 03:33:32 | 000,069,120 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\icardie.dll
[2013/05/30 03:33:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/30 03:33:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\tdc.ocx
[2013/05/30 03:33:32 | 000,061,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/30 03:33:32 | 000,051,712 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/30 03:33:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/30 03:33:32 | 000,033,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/30 03:33:32 | 000,025,185 | ---- | M] () -- F:\Windows\SysWow64\ieuinit.inf
[2013/05/30 03:33:32 | 000,025,185 | ---- | M] () -- F:\Windows\System32\ieuinit.inf
[2013/05/30 03:33:32 | 000,023,040 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\licmgr10.dll
[2013/05/30 03:33:31 | 003,958,784 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/30 03:33:31 | 001,509,376 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/30 03:33:31 | 000,855,552 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/30 03:33:31 | 000,603,136 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/30 03:33:31 | 000,599,552 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/30 03:33:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/30 03:33:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/30 03:33:31 | 000,167,424 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/30 03:33:31 | 000,149,504 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\occache.dll
[2013/05/30 03:33:31 | 000,144,896 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/30 03:33:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/30 03:33:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/30 03:33:31 | 000,135,680 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/30 03:33:31 | 000,102,912 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/30 03:33:31 | 000,097,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2013/05/30 03:33:31 | 000,092,160 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/30 03:33:31 | 000,077,312 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\tdc.ocx
[2013/05/30 03:33:31 | 000,062,976 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/30 03:33:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/30 03:33:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/30 03:33:31 | 000,027,648 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/30 03:33:31 | 000,013,824 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshta.exe
[2013/05/30 03:33:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/28 09:20:53 | 000,660,032 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/05/28 09:20:53 | 000,621,278 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/05/28 09:20:53 | 000,132,144 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/05/28 09:20:53 | 000,108,352 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/05/18 12:10:11 | 001,386,191 | ---- | M] () -- F:\Users\*****\Desktop\claas_trainee_broschuere_de.pdf
[2013/05/16 13:19:26 | 000,418,816 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/15 09:43:59 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 09:43:59 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/12 23:52:48 | 000,023,624 | ---- | M] () -- F:\Windows\Launcher.exe
[2013/05/09 10:27:38 | 001,269,060 | ---- | M] () -- F:\Users\*****\Desktop\zoek (1).exe
[2013/05/09 07:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Users\*****\Desktop\OTL.exe
[2013/05/09 07:43:23 | 000,816,128 | ---- | M] () -- F:\Users\*****\Desktop\RogueKiller_8.5.4.exe
[2 F:\Users\*****\Desktop\*.tmp files -> F:\Users\*****\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/06 13:09:18 | 000,002,621 | ---- | C] () -- F:\ProgramData\tolg.js
[2013/06/06 05:37:59 | 000,000,000 | ---- | C] () -- F:\Users\*****\AppData\Roaming\skype.ini
[2013/06/06 05:34:34 | 000,001,023 | ---- | C] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | C] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | C] () -- F:\ProgramData\tolg.bat
[2013/06/06 05:34:22 | 095,023,320 | ---- | C] () -- F:\ProgramData\tolg.pad
[2013/06/06 04:00:24 | 000,343,557 | ---- | C] () -- F:\Users\*****\Desktop\43364[1].jpg
[2013/06/06 03:44:04 | 000,328,675 | ---- | C] () -- F:\Users\*****\Desktop\43358[1].jpg
[2013/06/06 03:43:35 | 000,179,081 | ---- | C] () -- F:\Users\*****\Desktop\43356[1].jpg
[2013/05/30 03:33:32 | 000,025,185 | ---- | C] () -- F:\Windows\SysWow64\ieuinit.inf
[2013/05/30 03:33:32 | 000,025,185 | ---- | C] () -- F:\Windows\System32\ieuinit.inf
[2013/05/18 12:10:10 | 001,386,191 | ---- | C] () -- F:\Users\*****\Desktop\claas_trainee_broschuere_de.pdf
[2013/05/09 12:42:22 | 001,269,060 | ---- | C] () -- F:\Users\*****\Desktop\zoek (1).exe
[2013/05/09 07:43:35 | 000,816,128 | ---- | C] () -- F:\Users\*****\Desktop\RogueKiller_8.5.4.exe
[2013/04/30 13:49:43 | 000,023,624 | ---- | C] () -- F:\Windows\Launcher.exe
[2013/02/08 09:20:51 | 000,007,605 | ---- | C] () -- F:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012/07/04 14:35:11 | 000,302,425 | ---- | C] () -- F:\Users\*****\AppData\Local\funmoods-speeddial.crx
[2012/07/04 14:35:11 | 000,031,470 | ---- | C] () -- F:\Users\*****\AppData\Local\funmoods.crx
[2012/06/10 05:19:19 | 000,004,096 | -H-- | C] () -- F:\Users\*****\AppData\Local\keyfile3.drm
[2012/01/11 14:22:38 | 000,143,360 | ---- | C] () -- F:\Users\*****\AppData\Roaming\skype.dat
[2011/09/10 08:30:40 | 000,192,512 | ---- | C] () -- F:\Windows\SysWow64\srkey.exe
[2011/08/19 08:53:40 | 000,280,904 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2011/08/19 08:50:54 | 000,075,136 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2011/07/12 14:54:04 | 000,000,000 | ---- | C] () -- F:\Users\*****\AppData\Local\{90B918B1-3257-4DFA-A46C-9192F8DC42DE}
[2011/02/25 10:13:29 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/11/30 12:54:04 | 000,015,872 | ---- | C] () -- F:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 12:56:00 | 000,000,030 | ---- | C] () -- F:\Windows\SysWow64\brss01a.ini
[2010/10/18 12:55:59 | 000,000,463 | ---- | C] () -- F:\Windows\BRWMARK.INI
[2010/10/18 12:55:59 | 000,000,053 | ---- | C] () -- F:\Windows\BRPP2KA.INI
[2010/10/11 11:07:07 | 000,626,688 | ---- | C] () -- F:\Windows\Image.dll
[2010/10/11 11:07:07 | 000,200,704 | ---- | C] () -- F:\Windows\PLFSetI.exe
[2010/10/11 11:07:07 | 000,020,480 | ---- | C] () -- F:\Windows\USB_VIDEO_REG.exe
[2010/10/11 11:07:07 | 000,000,323 | ---- | C] () -- F:\Windows\PidList.ini
[2010/10/11 09:54:02 | 001,536,510 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/11 09:06:43 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/10/11 08:15:27 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/11 08:11:15 | 000,001,171 | ---- | C] () -- F:\Windows\unins000.dat
[2010/10/11 08:04:57 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/10/11 08:03:18 | 000,007,168 | ---- | C] () -- F:\Windows\SysWow64\drivers\StarOpen.sys
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 14:06:22 | 000,197,912 | ---- | C] () -- F:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2008/09/11 14:01:00 | 000,081,920 | ---- | C] () -- F:\Windows\SysWow64\INT15.dll
[2008/09/09 11:38:48 | 000,097,792 | ---- | C] () -- F:\Windows\SysWow64\INT15_64.dll
[2008/09/09 11:38:48 | 000,015,656 | ---- | C] () -- F:\Windows\SysWow64\drivers\int15_64.sys
[2008/03/12 13:52:34 | 000,069,632 | ---- | C] () -- F:\Windows\SysWow64\drivers\int15.sys
 
========== LOP Check ==========
 
[2012/02/14 14:17:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Ableton
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2013/01/20 16:49:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BetterSoft
[2010/10/11 08:03:30 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2013/01/20 16:50:13 | 000,000,000 | ---D | M] -- F:\ProgramData\CLSoft LTD
[2012/05/29 14:39:47 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2013/01/20 16:50:14 | 000,000,000 | ---D | M] -- F:\ProgramData\InstallMate
[2013/04/30 13:49:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Package Cache
[2011/08/30 10:11:25 | 000,000,000 | ---D | M] -- F:\ProgramData\RapidSolution
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2012/07/04 14:35:07 | 000,000,000 | ---D | M] -- F:\ProgramData\Tarma Installer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2011/05/15 14:28:12 | 000,000,000 | ---D | M] -- F:\ProgramData\TomTom
[2012/05/29 14:40:26 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software
[2012/05/29 14:39:47 | 000,000,000 | -HSD | M] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/01/06 10:25:28 | 000,000,000 | -H-D | M] -- F:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2013/05/16 13:19:16 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/06 13:08:39 | 000,000,388 | -H-- | M] () -- F:\Windows\Tasks\{C6688CF8-E8EC-479A-B410-D0D5CAC32B21}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/10/11 07:33:18 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2013/05/24 04:23:27 | 000,000,000 | -HSD | M] -- F:\Config.Msi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2013/01/22 16:04:23 | 000,000,000 | ---D | M] -- F:\Fraps
[2013/06/06 15:02:58 | 000,000,000 | ---D | M] -- F:\Kaspersky Rescue Disk 10.0
[2012/05/31 11:58:46 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2013/01/06 10:24:23 | 000,000,000 | R--D | M] -- F:\Program Files
[2013/05/24 01:57:06 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2013/06/06 13:09:18 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/10/11 07:32:44 | 000,000,000 | -HSD | M] -- F:\Recovery
[2013/06/06 04:55:57 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/06/13 18:08:35 | 000,000,000 | R--D | M] -- F:\Users
[2013/06/06 07:12:44 | 000,000,000 | ---D | M] -- F:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---

08.06.2013, 15:06   #9
Sniperwurst

One question: can another expert take over my case as a stand-in, or is that not possible?
It's just that the laptop gets used a lot, so it would be great if this case could be wrapped up quickly!!
Sorry for my impatience!!

Kind regards

Sniperwurst

08.06.2013, 16:35   #10
markusg
/// Malware-holic

We have weekends too; if it isn't going fast enough, you'll just have to go to a PC repair shop and pay for the work done.
On your second PC, go to Start > Programs > Accessories > Notepad and paste the following in:
Code:
:OTL
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
[2013/06/06 05:34:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:
\ProgramData\rundll32.exe
[2013/06/06 13:09:31 | 095,023,320 | ---- | M] () -- F:\ProgramData\tolg.pad
[2013/06/06 13:09:18 | 000,002,621 | ---- | M] () -- F:\ProgramData\tolg.js
[2013/06/06 05:34:34 | 000,001,023 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | M] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | M] () -- F:\ProgramData\tolg.bat
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

08.06.2013, 16:40   #11
Sniperwurst

Okay, thank you very much!
I'll get started on it right away!!

Kind regards

Sniperwurst

08.06.2013, 16:41   #12
markusg
/// Malware-holic

Please leave out in-between posts like that, since otherwise new ones get appended to it and I then have to keep looking in here.

08.06.2013, 17:20   #13
Sniperwurst

Code:
========== OTL ==========
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
File F: not found.
File F:\ProgramData\tolg.pad not found.
File F:\ProgramData\tolg.js not found.
File F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
File F:\ProgramData\tolg.reg not found.
File F:\ProgramData\tolg.bat not found.
File F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Deeke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Deeke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06082013_231726
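
Added example, not part of the thread and not OTL's own code: the fix script in post #10 and the result log in post #13 line up entry by entry, and the result line "File F: not found." is what the run reports for a file entry whose path stops after the drive letter. The Python below checks a fix script for such entries before it is run and picks the same symptom out of a result log; the sample inputs are constructed in the thread's formats and all function names are assumptions.

```python
import re

# Constructed samples (formats of posts #10 and #13); all names here are hypothetical.
FIX_TXT = r""":OTL
O4 - HKU\USER_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
[2013/06/06 05:34:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:
\ProgramData\rundll32.exe
[2013/06/06 13:09:18 | 000,002,621 | ---- | M] () -- F:\ProgramData\tolg.js
:Commands
[emptytemp]
"""

RESULT_LOG = r"""========== OTL ==========
File F:\ProgramData\glot.dat not found.
File F: not found.
File F:\ProgramData\tolg.js not found.
"""

SKIP = re.compile(r"^(:\w+|\[\w+\]|O\d+ - .+)$")  # section, command, registry/startup entry
FILE_LINE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| [^|]+ \| [CM]\] \(.*?\) -- (?P<path>.*)$")
FULL_PATH = re.compile(r"^[A-Za-z]:\\.+")
NOT_FOUND = re.compile(r"^(?:File|Registry key) (?P<target>.*) not found\.$")

def lint_fix(text):
    """Return (line_no, problem) for lines a fix run would misread."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or SKIP.match(line):
            continue
        entry = FILE_LINE.match(line)
        if entry is None:
            problems.append((no, "orphan line, probably the tail of a wrapped path"))
        elif not FULL_PATH.match(entry["path"]):
            problems.append((no, "file entry without a full path"))
    return problems

def unresolved_targets(log):
    """Targets the fix run reported as 'not found'."""
    hits = (NOT_FOUND.match(line.strip()) for line in log.splitlines())
    return [m["target"] for m in hits if m]

def truncated_targets(log):
    """'not found' targets that are only a drive letter: the path was cut off."""
    return [t for t in unresolved_targets(log) if re.fullmatch(r"[A-Za-z]:\\?", t)]

if __name__ == "__main__":
    print(lint_fix(FIX_TXT), truncated_targets(RESULT_LOG))
```
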
         

08.06.2013, 17:25   #14
markusg
/// Malware-holic

Does normal mode work? Then:
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

08.06.2013, 17:41   #15
Sniperwurst

OK, the PC starts normally again and TDSSKiller found nothing!!
