Sniperwurst 06.06.2013 11:03

€100 PaysafeCard payment for copyright infringement
 
Hello everyone,

I was surfing around a bit on my laptop when a page opened saying that I had violated something!!
Now my question is: is this notice really genuine, or is it a trojan that needs to be fought??

I see that I'm not the only one!!

http://www.trojaner-board.de/111529-...rrorismus.html

http://www.trojaner-board.de/111495-...ard-100-a.html

As with the others, I'm supposed to pay €100 via Paysafecard, otherwise it will be made very public after 72 hours!!

I'm asking for quick help!!

Kind regards
Sniperwurst

markusg 06.06.2013 11:05

Hi,
do you have access to a PC with a burner?
Download:
http://filepony.de/download-otlpe/
and burn it to a CD with ISOBurner.
ISO Burner - Download - Filepony
ISOBurner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now display a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy the content into the http://larusso.trojaner-board.de/Images/otlfix.jpg
text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it is finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.

Sniperwurst 06.06.2013 11:15

Okay, all clear, I'll do that, but once more for dummies!

So this is a trojan and nothing real that I have to pay this €100 for????

And if it is a trojan, what effects does it have??

Regards, Sniperwurst

markusg 06.06.2013 11:18

You can see what effects it has on your screen :-)
What else is on the PC, I'll see after the log.

Sniperwurst 06.06.2013 12:25

So, for some reason I can't boot the burned CD! But that may also be because I don't know how!
And when I try to start in safe mode, it shuts the laptop right back down!
Seems like this one is a bit nastier, right?

markusg 06.06.2013 12:28

Did you change the boot order? Can the CD be started on another PC? If you can't manage that, you should maybe find someone to help you with the burning.
And I can only say: stay away from sites like kinox.to, porn sites etc. This is your second infection in less than a month; you should rethink your surfing habits :-)

Sniperwurst 06.06.2013 12:55

Yep! I'll let you know when I have the log file!

So, I've now got as far as opening OTLPE, but now it says "choose windows directory"!!

Which one do I have to pick now?
RAMDisk (B:)
System-reserviert (C:)
Local Disk (E:)
Daten(F:)

Sniperwurst 07.06.2013 14:01

So, here is the log file from OTLPE

OTL Logfile:
Code:

OTL logfile created on: 6/7/2013 5:35:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.28 Mb Free Space | 74.28% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 481.25 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive F: | 48.73 Gb Total Space | 3.74 Gb Free Space | 7.68% Space Free | Partition Type: NTFS
Drive G: | 249.26 Gb Total Space | 21.31 Gb Free Space | 8.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/23 14:30:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:43:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 07:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- F:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/30 11:19:30 | 000,296,448 | ---- | M] () [Auto] -- F:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/01/09 12:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto] -- F:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 12:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto] -- F:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/29 09:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/07/27 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/25 07:59:44 | 000,075,136 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/25 12:41:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 17:34:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- F:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/05 10:02:16 | 003,453,440 | ---- | M] (Egis Technology Inc.) [Auto] -- F:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/04/29 20:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- F:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/06/13 18:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto] -- F:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/07/25 12:41:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/25 12:41:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/07 11:27:00 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/15 02:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand] -- F:\Windows\System32\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2010/03/11 05:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/09/19 00:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/19 00:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2009/09/19 00:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/22 23:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/07 19:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/30 15:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/04/29 20:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- F:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 07:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 07:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/03/28 01:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- F:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/09 11:38:48 | 000,015,656 | ---- | M] () [Kernel | Auto] -- F:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008/07/26 17:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand] -- F:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 77 46 F9 20 1C CC 01  [binary data]
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=fb9c5ef6-ae1c-446f-ba3e-c6393e9d6741&searchtype=ds&q={searchTerms}
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\*****_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..backup.old.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultenginenameS: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.1S: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineS: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1368292697806&tguid=43169-3580-1368292697806-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: F:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 10:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/20 16:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 14:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/02 10:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/05/15 14:26:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2010/12/18 12:36:01 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/15 14:26:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/27 09:50:48 | 000,000,000 | ---D | M] (No name found) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions
[2013/05/21 15:04:17 | 000,000,000 | ---D | M] (Flagfox) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/10/11 08:07:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/05/27 09:55:11 | 000,000,000 | ---D | M] (HomeTab) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
[2013/01/05 15:16:37 | 000,000,000 | ---D | M] (FoxTab) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\addon@foxtab.com
[2012/07/04 14:35:08 | 000,000,000 | ---D | M] (Yontoo) -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\extensions\plugin@yontoo.com
[2013/06/02 01:19:55 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-1.xml
[2012/07/04 14:35:42 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-10.xml
[2012/06/29 06:39:27 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-11.xml
[2012/02/23 13:00:43 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-12.xml
[2012/07/30 12:11:22 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-13.xml
[2012/09/02 05:05:32 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-14.xml
[2012/09/07 07:15:25 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-15.xml
[2012/01/18 14:25:39 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-2.xml
[2011/08/18 06:36:05 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-3.xml
[2011/08/25 06:23:11 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-4.xml
[2011/09/06 23:52:38 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-5.xml
[2011/09/09 03:33:22 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-6.xml
[2011/10/07 12:39:10 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-7.xml
[2011/11/08 11:26:48 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-8.xml
[2012/02/03 11:32:11 | 000,000,950 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin-9.xml
[2011/06/26 13:16:41 | 000,001,056 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\icqplugin.xml
[2012/07/04 14:35:43 | 000,002,305 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\Search.xml
[2013/05/27 09:50:42 | 000,003,307 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\qzthdcb2.default\searchplugins\Web Search.xml
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 01:58:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 01:58:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/23 14:30:44 | 000,000,000 | ---D | M] (Default) -- F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- F:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZTHDCB2.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 11:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- F:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/02 10:56:17 | 000,129,176 | ---- | M] (RealPlayer) -- F:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013/05/27 09:50:42 | 000,003,307 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - No CLSID value found.
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - F:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (FoxTab) - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - F:\Users\*****\AppData\LocalLow\FoxTab\IE\FoxTab.dll (The FoxTab Team)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - F:\Users\*****\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - F:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - F:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - F:\Users\*****\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] F:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\*****_ON_F..\Run: [BatteryCare] F:\Program Files (x86)\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
O4 - HKU\*****_ON_F..\Run: [LeechGet]  File not found
O4 - HKU\*****_ON_F..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8:64bit: - Extra context menu item: Mit dem LeechGet Wizard laden - F:\Program Files (x86)\LeechGet 2009\Wizard.html ()
O8:64bit: - Extra context menu item: Mit LeechGet herunterladen - F:\Program Files (x86)\LeechGet 2009\AddUrl.html ()
O8:64bit: - Extra context menu item: Mit LeechGet parsen - F:\Program Files (x86)\LeechGet 2009\Parser.html ()
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - F:\Program Files (x86)\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: Mit LeechGet herunterladen - F:\Program Files (x86)\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Mit LeechGet parsen - F:\Program Files (x86)\LeechGet 2009\Parser.html ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - F:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - *****_ON_F\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\tolg.bat) - F:\ProgramData\tolg.bat ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\*****_ON_F Winlogon: Shell - (Explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - F:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O20 - Winlogon\Notify\spba: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05e61786-45e8-11e1-a405-00238b163375}\Shell - "" = AutoRun
O33 - MountPoints2\{05e61786-45e8-11e1-a405-00238b163375}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - F:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Dvdtwain - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - F:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - F:\Windows\PLFSetI.exe ()
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - F:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - F:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: VitaKeyPdtWzd - hkey= - key= - F:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
MsConfig:64bit - State: "startup" - 2
MsConfig:64bit - State: "bootini" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/06 14:08:41 | 000,000,000 | ---D | C] -- F:\Kaspersky Rescue Disk 10.0
[2013/06/06 05:34:16 | 000,124,928 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\glot.dat
[2013/06/06 05:34:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/06/05 15:05:31 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{CF6D5BD2-79D0-40D1-84A1-FBD43B7A7BEE}
[2013/06/04 14:53:33 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{C7376CE6-6F79-4341-8C98-C5A745249372}
[2013/06/04 01:34:57 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{FB75E28D-8EB2-4350-A185-EDB60366246C}
[2013/06/03 13:19:29 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{EFD980F8-8498-4DF7-9DBB-9999EB894DAD}
[2013/06/03 01:19:06 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{93F77A7B-8DE3-4F5E-90EE-0662394E53A0}
[2013/06/02 12:36:34 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{313F8450-29E4-4C5A-AB43-7F17EF5002B9}
[2013/06/01 18:27:52 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{9CC9522F-4F8D-4A01-A2C1-3AF99219C923}
[2013/06/01 06:10:48 | 000,000,000 | ---D | C] -- F:\Users\*****\Desktop\DVD-R
[2013/05/31 16:47:49 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{5D48A486-E199-4191-A978-A03FCACAFEC0}
[2013/05/30 03:33:34 | 001,054,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/30 03:33:34 | 000,226,304 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/30 03:33:34 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\elshyph.dll
[2013/05/30 03:33:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msls31.dll
[2013/05/30 03:33:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 03:33:33 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/30 03:33:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 03:33:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/30 03:33:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/30 03:33:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/30 03:33:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msrating.dll
[2013/05/30 03:33:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iexpress.exe
[2013/05/30 03:33:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wextract.exe
[2013/05/30 03:33:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 03:33:33 | 000,125,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\occache.dll
[2013/05/30 03:33:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iepeers.dll
[2013/05/30 03:33:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 03:33:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/30 03:33:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inseng.dll
[2013/05/30 03:33:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2013/05/30 03:33:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 03:33:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\pngfilt.dll
[2013/05/30 03:33:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmler.dll
[2013/05/30 03:33:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\imgutil.dll
[2013/05/30 03:33:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 03:33:32 | 001,441,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 03:33:32 | 001,400,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 03:33:32 | 001,400,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/30 03:33:32 | 000,905,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/30 03:33:32 | 000,762,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/30 03:33:32 | 000,629,248 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 03:33:32 | 000,452,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/30 03:33:32 | 000,441,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/30 03:33:32 | 000,361,984 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\html.iec
[2013/05/30 03:33:32 | 000,357,888 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtmsft.dll
[2013/05/30 03:33:32 | 000,281,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/30 03:33:32 | 000,235,008 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/30 03:33:32 | 000,232,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2013/05/30 03:33:32 | 000,226,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtrans.dll
[2013/05/30 03:33:32 | 000,216,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/30 03:33:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/30 03:33:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/30 03:33:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\icardie.dll
[2013/05/30 03:33:32 | 000,069,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\icardie.dll
[2013/05/30 03:33:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/30 03:33:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\tdc.ocx
[2013/05/30 03:33:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/30 03:33:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/30 03:33:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/30 03:33:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/30 03:33:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\licmgr10.dll
[2013/05/30 03:33:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/30 03:33:31 | 001,509,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/30 03:33:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/30 03:33:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/30 03:33:31 | 000,599,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/30 03:33:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/30 03:33:31 | 000,173,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/30 03:33:31 | 000,167,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/30 03:33:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\occache.dll
[2013/05/30 03:33:31 | 000,144,896 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/30 03:33:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/30 03:33:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/30 03:33:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/30 03:33:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/30 03:33:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2013/05/30 03:33:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/30 03:33:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\tdc.ocx
[2013/05/30 03:33:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/30 03:33:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/30 03:33:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/30 03:33:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/30 03:33:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshta.exe
[2013/05/30 03:33:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/28 01:23:12 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{00843B58-8D0D-4E4C-9F42-0BF228FCB07C}
[2013/05/26 07:56:15 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{19E09898-F62E-42D4-A70F-1BB5964EDEB3}
[2013/05/24 14:57:49 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{A2200BC2-173F-4321-87B8-A9D941E9F7E9}
[2013/05/24 01:58:34 | 000,000,000 | -HSD | C] -- F:\Config.Msi
[2013/05/23 14:30:36 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox
[2013/05/23 01:45:34 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{0F67ABEF-8B1F-4C97-B9AF-77C4CB53794B}
[2013/05/19 05:46:58 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{AB07E5C9-0756-4E1E-ADA6-9B6C3F556BEA}
[2013/05/18 09:34:02 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{4EB15B87-D09F-46A4-9D6A-6D6D06AD9255}
[2013/05/17 14:09:12 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{51F7C562-0ED0-46D1-8D52-5552CE1F4771}
[2013/05/16 16:20:17 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{6B8EC0F1-6758-448B-9C02-5BEAD7003D54}
[2013/05/15 09:44:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 09:44:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdd.dll
[2013/05/15 09:44:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/15 09:44:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\shdocvw.dll
[2013/05/15 09:44:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\authui.dll
[2013/05/15 09:44:12 | 000,111,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/05/15 09:44:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wwanprotdim.dll
[2013/05/14 01:06:38 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{F93FD928-D108-49A1-86ED-A39CA8893ED9}
[2013/05/13 18:15:19 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{2768ABBB-5A41-42AE-A5C0-AE1135D418E9}
[2013/05/12 14:14:17 | 000,000,000 | ---D | C] -- F:\Users\*****\AppData\Local\{9DF15C58-DAAB-41F3-8B11-E5A0B8F10E19}
[2013/05/09 07:47:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Users\*****\Desktop\OTL.exe
[2 F:\Users\*****\Desktop\*.tmp files -> F:\Users\*****\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/06 13:09:55 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/06/06 13:09:31 | 095,023,320 | ---- | M] () -- F:\ProgramData\tolg.pad
[2013/06/06 13:09:18 | 000,002,621 | ---- | M] () -- F:\ProgramData\tolg.js
[2013/06/06 13:09:07 | 000,001,104 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 13:08:39 | 000,000,388 | -H-- | M] () -- F:\Windows\tasks\{C6688CF8-E8EC-479A-B410-D0D5CAC32B21}.job
[2013/06/06 13:06:45 | 3217,182,720 | -HS- | M] () -- F:\hiberfil.sys
[2013/06/06 07:09:21 | 000,000,000 | ---- | M] () -- F:\Users\*****\AppData\Roaming\skype.ini
[2013/06/06 05:47:20 | 000,013,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 05:47:20 | 000,013,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 05:43:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/06 05:34:34 | 000,001,023 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | M] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | M] () -- F:\ProgramData\tolg.bat
[2013/06/06 05:34:16 | 000,124,928 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\glot.dat
[2013/06/06 05:34:16 | 000,044,544 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/06/06 05:24:00 | 000,001,120 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4142259043-113316378-2562792309-1000UA.job
[2013/06/06 05:24:00 | 000,001,068 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4142259043-113316378-2562792309-1000Core.job
[2013/06/06 05:10:00 | 000,001,108 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 04:00:18 | 000,343,557 | ---- | M] () -- F:\Users\*****\Desktop\43364[1].jpg
[2013/06/06 03:43:59 | 000,328,675 | ---- | M] () -- F:\Users\*****\Desktop\43358[1].jpg
[2013/06/06 03:42:21 | 000,179,081 | ---- | M] () -- F:\Users\*****\Desktop\43356[1].jpg
[2013/06/05 15:03:58 | 000,001,049 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/30 03:33:34 | 001,054,720 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MsSpellCheckingFacility.exe
[2013/05/30 03:33:34 | 000,226,304 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\elshyph.dll
[2013/05/30 03:33:34 | 000,185,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\elshyph.dll
[2013/05/30 03:33:34 | 000,158,720 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msls31.dll
[2013/05/30 03:33:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 03:33:33 | 002,877,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/30 03:33:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 03:33:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/30 03:33:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/30 03:33:33 | 000,391,168 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/30 03:33:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msrating.dll
[2013/05/30 03:33:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iexpress.exe
[2013/05/30 03:33:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\wextract.exe
[2013/05/30 03:33:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 03:33:33 | 000,125,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\occache.dll
[2013/05/30 03:33:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iepeers.dll
[2013/05/30 03:33:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 03:33:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/30 03:33:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\inseng.dll
[2013/05/30 03:33:33 | 000,079,872 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2013/05/30 03:33:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 03:33:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\pngfilt.dll
[2013/05/30 03:33:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmler.dll
[2013/05/30 03:33:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\imgutil.dll
[2013/05/30 03:33:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 03:33:32 | 001,441,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 03:33:32 | 001,400,416 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 03:33:32 | 001,400,416 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dat
[2013/05/30 03:33:32 | 000,905,728 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmlmedia.dll
[2013/05/30 03:33:32 | 000,762,368 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieapfltr.dll
[2013/05/30 03:33:32 | 000,629,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 03:33:32 | 000,452,096 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtmsft.dll
[2013/05/30 03:33:32 | 000,441,856 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2013/05/30 03:33:32 | 000,361,984 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\html.iec
[2013/05/30 03:33:32 | 000,357,888 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtmsft.dll
[2013/05/30 03:33:32 | 000,281,600 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dxtrans.dll
[2013/05/30 03:33:32 | 000,235,008 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2013/05/30 03:33:32 | 000,232,960 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2013/05/30 03:33:32 | 000,226,816 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\dxtrans.dll
[2013/05/30 03:33:32 | 000,216,064 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msls31.dll
[2013/05/30 03:33:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msrating.dll
[2013/05/30 03:33:32 | 000,089,600 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/30 03:33:32 | 000,081,408 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\icardie.dll
[2013/05/30 03:33:32 | 000,069,120 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\icardie.dll
[2013/05/30 03:33:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/30 03:33:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\tdc.ocx
[2013/05/30 03:33:32 | 000,061,440 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/30 03:33:32 | 000,051,712 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/30 03:33:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/30 03:33:32 | 000,033,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/30 03:33:32 | 000,025,185 | ---- | M] () -- F:\Windows\SysWow64\ieuinit.inf
[2013/05/30 03:33:32 | 000,025,185 | ---- | M] () -- F:\Windows\System32\ieuinit.inf
[2013/05/30 03:33:32 | 000,023,040 | ---- | M] (Microsoft Corporation) -- F:\Windows\SysWow64\licmgr10.dll
[2013/05/30 03:33:31 | 003,958,784 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/30 03:33:31 | 001,509,376 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2013/05/30 03:33:31 | 000,855,552 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/30 03:33:31 | 000,603,136 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/30 03:33:31 | 000,599,552 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\vbscript.dll
[2013/05/30 03:33:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/30 03:33:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2013/05/30 03:33:31 | 000,167,424 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iexpress.exe
[2013/05/30 03:33:31 | 000,149,504 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\occache.dll
[2013/05/30 03:33:31 | 000,144,896 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\wextract.exe
[2013/05/30 03:33:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/30 03:33:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2013/05/30 03:33:31 | 000,135,680 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\IEAdvpack.dll
[2013/05/30 03:33:31 | 000,102,912 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\inseng.dll
[2013/05/30 03:33:31 | 000,097,280 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2013/05/30 03:33:31 | 000,092,160 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\SetIEInstalledDate.exe
[2013/05/30 03:33:31 | 000,077,312 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\tdc.ocx
[2013/05/30 03:33:31 | 000,062,976 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\pngfilt.dll
[2013/05/30 03:33:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\imgutil.dll
[2013/05/30 03:33:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshtmler.dll
[2013/05/30 03:33:31 | 000,027,648 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2013/05/30 03:33:31 | 000,013,824 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\mshta.exe
[2013/05/30 03:33:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2013/05/28 09:20:53 | 000,660,032 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/05/28 09:20:53 | 000,621,278 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/05/28 09:20:53 | 000,132,144 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/05/28 09:20:53 | 000,108,352 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/05/18 12:10:11 | 001,386,191 | ---- | M] () -- F:\Users\*****\Desktop\claas_trainee_broschuere_de.pdf
[2013/05/16 13:19:26 | 000,418,816 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/15 09:43:59 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 09:43:59 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/12 23:52:48 | 000,023,624 | ---- | M] () -- F:\Windows\Launcher.exe
[2013/05/09 10:27:38 | 001,269,060 | ---- | M] () -- F:\Users\*****\Desktop\zoek (1).exe
[2013/05/09 07:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Users\*****\Desktop\OTL.exe
[2013/05/09 07:43:23 | 000,816,128 | ---- | M] () -- F:\Users\*****\Desktop\RogueKiller_8.5.4.exe
[2 F:\Users\*****\Desktop\*.tmp files -> F:\Users\*****\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/06 13:09:18 | 000,002,621 | ---- | C] () -- F:\ProgramData\tolg.js
[2013/06/06 05:37:59 | 000,000,000 | ---- | C] () -- F:\Users\*****\AppData\Roaming\skype.ini
[2013/06/06 05:34:34 | 000,001,023 | ---- | C] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | C] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | C] () -- F:\ProgramData\tolg.bat
[2013/06/06 05:34:22 | 095,023,320 | ---- | C] () -- F:\ProgramData\tolg.pad
[2013/06/06 04:00:24 | 000,343,557 | ---- | C] () -- F:\Users\*****\Desktop\43364[1].jpg
[2013/06/06 03:44:04 | 000,328,675 | ---- | C] () -- F:\Users\*****\Desktop\43358[1].jpg
[2013/06/06 03:43:35 | 000,179,081 | ---- | C] () -- F:\Users\*****\Desktop\43356[1].jpg
[2013/05/30 03:33:32 | 000,025,185 | ---- | C] () -- F:\Windows\SysWow64\ieuinit.inf
[2013/05/30 03:33:32 | 000,025,185 | ---- | C] () -- F:\Windows\System32\ieuinit.inf
[2013/05/18 12:10:10 | 001,386,191 | ---- | C] () -- F:\Users\*****\Desktop\claas_trainee_broschuere_de.pdf
[2013/05/09 12:42:22 | 001,269,060 | ---- | C] () -- F:\Users\*****\Desktop\zoek (1).exe
[2013/05/09 07:43:35 | 000,816,128 | ---- | C] () -- F:\Users\*****\Desktop\RogueKiller_8.5.4.exe
[2013/04/30 13:49:43 | 000,023,624 | ---- | C] () -- F:\Windows\Launcher.exe
[2013/02/08 09:20:51 | 000,007,605 | ---- | C] () -- F:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012/07/04 14:35:11 | 000,302,425 | ---- | C] () -- F:\Users\*****\AppData\Local\funmoods-speeddial.crx
[2012/07/04 14:35:11 | 000,031,470 | ---- | C] () -- F:\Users\*****\AppData\Local\funmoods.crx
[2012/06/10 05:19:19 | 000,004,096 | -H-- | C] () -- F:\Users\*****\AppData\Local\keyfile3.drm
[2012/01/11 14:22:38 | 000,143,360 | ---- | C] () -- F:\Users\*****\AppData\Roaming\skype.dat
[2011/09/10 08:30:40 | 000,192,512 | ---- | C] () -- F:\Windows\SysWow64\srkey.exe
[2011/08/19 08:53:40 | 000,280,904 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2011/08/19 08:50:54 | 000,075,136 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2011/07/12 14:54:04 | 000,000,000 | ---- | C] () -- F:\Users\*****\AppData\Local\{90B918B1-3257-4DFA-A46C-9192F8DC42DE}
[2011/02/25 10:13:29 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/11/30 12:54:04 | 000,015,872 | ---- | C] () -- F:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 12:56:00 | 000,000,030 | ---- | C] () -- F:\Windows\SysWow64\brss01a.ini
[2010/10/18 12:55:59 | 000,000,463 | ---- | C] () -- F:\Windows\BRWMARK.INI
[2010/10/18 12:55:59 | 000,000,053 | ---- | C] () -- F:\Windows\BRPP2KA.INI
[2010/10/11 11:07:07 | 000,626,688 | ---- | C] () -- F:\Windows\Image.dll
[2010/10/11 11:07:07 | 000,200,704 | ---- | C] () -- F:\Windows\PLFSetI.exe
[2010/10/11 11:07:07 | 000,020,480 | ---- | C] () -- F:\Windows\USB_VIDEO_REG.exe
[2010/10/11 11:07:07 | 000,000,323 | ---- | C] () -- F:\Windows\PidList.ini
[2010/10/11 09:54:02 | 001,536,510 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/11 09:06:43 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/10/11 08:15:27 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/11 08:11:15 | 000,001,171 | ---- | C] () -- F:\Windows\unins000.dat
[2010/10/11 08:04:57 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/10/11 08:03:18 | 000,007,168 | ---- | C] () -- F:\Windows\SysWow64\drivers\StarOpen.sys
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 14:06:22 | 000,197,912 | ---- | C] () -- F:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2008/09/11 14:01:00 | 000,081,920 | ---- | C] () -- F:\Windows\SysWow64\INT15.dll
[2008/09/09 11:38:48 | 000,097,792 | ---- | C] () -- F:\Windows\SysWow64\INT15_64.dll
[2008/09/09 11:38:48 | 000,015,656 | ---- | C] () -- F:\Windows\SysWow64\drivers\int15_64.sys
[2008/03/12 13:52:34 | 000,069,632 | ---- | C] () -- F:\Windows\SysWow64\drivers\int15.sys
 
========== LOP Check ==========
 
[2012/02/14 14:17:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Ableton
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2013/01/20 16:49:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BetterSoft
[2010/10/11 08:03:30 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2013/01/20 16:50:13 | 000,000,000 | ---D | M] -- F:\ProgramData\CLSoft LTD
[2012/05/29 14:39:47 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2013/01/20 16:50:14 | 000,000,000 | ---D | M] -- F:\ProgramData\InstallMate
[2013/04/30 13:49:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Package Cache
[2011/08/30 10:11:25 | 000,000,000 | ---D | M] -- F:\ProgramData\RapidSolution
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2012/07/04 14:35:07 | 000,000,000 | ---D | M] -- F:\ProgramData\Tarma Installer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2011/05/15 14:28:12 | 000,000,000 | ---D | M] -- F:\ProgramData\TomTom
[2012/05/29 14:40:26 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software
[2012/05/29 14:39:47 | 000,000,000 | -HSD | M] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/01/06 10:25:28 | 000,000,000 | -H-D | M] -- F:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2013/05/16 13:19:16 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/06 13:08:39 | 000,000,388 | -H-- | M] () -- F:\Windows\Tasks\{C6688CF8-E8EC-479A-B410-D0D5CAC32B21}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/10/11 07:33:18 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2013/05/24 04:23:27 | 000,000,000 | -HSD | M] -- F:\Config.Msi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2013/01/22 16:04:23 | 000,000,000 | ---D | M] -- F:\Fraps
[2013/06/06 15:02:58 | 000,000,000 | ---D | M] -- F:\Kaspersky Rescue Disk 10.0
[2012/05/31 11:58:46 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2013/01/06 10:24:23 | 000,000,000 | R--D | M] -- F:\Program Files
[2013/05/24 01:57:06 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2013/06/06 13:09:18 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/10/11 07:32:44 | 000,000,000 | -HSD | M] -- F:\Recovery
[2013/06/06 04:55:57 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/06/13 18:08:35 | 000,000,000 | R--D | M] -- F:\Users
[2013/06/06 07:12:44 | 000,000,000 | ---D | M] -- F:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- F:\Windows\System32\drivers\iaStor.sys
[2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- F:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

--- --- ---

Sniperwurst 08.06.2013 15:06

One question: can another expert take over my case as a stand-in, or is that not possible?
It's just that the laptop is used a lot, so it would be great if this case were off the table quickly!!
Sorry for my impatience!!

Kind regards

Sniperwurst

markusg 08.06.2013 16:35

We have weekends too; if it isn't going fast enough, you'll just have to go to a PC repair shop and pay for the work done.
On your second PC, go to Start, Programs, Accessories, Notepad (Editor), and copy the following into it:
Code:

:OTL
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
O4 - HKU\*****_ON_F..\Run: [ctfmon32.exe] F:\ProgramData\glot.dat (Microsoft Corporation)
[2013/06/06 05:34:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:
\ProgramData\rundll32.exe
[2013/06/06 13:09:31 | 095,023,320 | ---- | M] () -- F:\ProgramData\tolg.pad
[2013/06/06 13:09:18 | 000,002,621 | ---- | M] () -- F:\ProgramData\tolg.js
[2013/06/06 05:34:34 | 000,001,023 | ---- | M] () -- F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/06 05:34:24 | 000,000,150 | ---- | M] () -- F:\ProgramData\tolg.reg
[2013/06/06 05:34:24 | 000,000,055 | ---- | M] () -- F:\ProgramData\tolg.bat
O4 - Startup: F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this doesn't work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Sniperwurst 08.06.2013 16:40

Okay, thank you very much!
I'll get on it right away!!

Kind regards

Sniperwurst

markusg 08.06.2013 16:41

Please leave out in-between posts like this, because otherwise new ones get appended to it and I then always have to look in here.

Sniperwurst 08.06.2013 17:20

Code:

========== OTL ==========
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
File F: not found.
File F:\ProgramData\tolg.pad not found.
File F:\ProgramData\tolg.js not found.
File F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
File F:\ProgramData\tolg.reg not found.
File F:\ProgramData\tolg.bat not found.
File F:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Deeke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Deeke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06082013_231726
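
A small check over a fix log of the shape posted above, as an added example that is not part of the original thread: it collects the targets OTLPE reported as "not found", lists the ones reported more than once, and flags a bare drive letter such as `F:`, which in this thread corresponds to the script line that breaks after `F:`. The function name and the embedded sample are constructed for illustration, and only the two "not found" line shapes visible in the log are parsed.

```python
import re
from collections import Counter

# Constructed sample in the shape of the fix log posted above
# (user name masked as on the page).
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
Registry key HKEY_USERS\*****_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File F:\ProgramData\glot.dat not found.
File F: not found.
File F:\ProgramData\tolg.pad not found.
========== FILES ==========
========== COMMANDS ==========
"""

# The two result shapes that appear in the log on this page.
NOT_FOUND_RE = re.compile(r"^(Registry key|File) (.+) not found\.$")
# A "file" that is only a drive letter is not a real target.
BARE_DRIVE_RE = re.compile(r"^[A-Za-z]:\\?$")


def summarize_fix_log(text):
    """Summarize the OTL section of a fix log (hypothetical helper)."""
    in_otl = False
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section banners look like "========== OTL ==========".
            in_otl = line.strip("= ") == "OTL"
            continue
        match = NOT_FOUND_RE.match(line) if in_otl else None
        if match:
            targets.append(match.groups())  # (kind, target)
    counts = Counter(targets)
    return {
        "not_found": list(counts),
        "repeated": [t for t, n in counts.items() if n > 1],
        "bare_drive": [t for kind, t in counts
                       if kind == "File" and BARE_DRIVE_RE.match(t)],
    }


if __name__ == "__main__":
    for key, value in summarize_fix_log(SAMPLE_LOG).items():
        print(key, value)
```
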


markusg 08.06.2013 17:25

Does normal mode work? Then:
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Sniperwurst 08.06.2013 17:41

So, the PC starts normally again and TDSSKiller found nothing!!

