
Log Analysis and Evaluation: BKA Trojan

22.07.2012, 20:32   #1
vargo

Hi,

I hope you can help me; I've caught the Austrian variant of the BKA Trojan.

I followed the instructions found here for OTLPE:

Now boot from the OTLPE CD. Note: How do I boot from CD

Your system should display the REATOGO-X-PE desktop after a few minutes.
Double-click the OTLPE icon.
Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installation on the disk; simply selecting C: gives an error!
When asked "Do you wish to load the remote registry", choose Yes.
When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
OTLpe should now start.
Press Run Scan to start the scan.
When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
Copy this file to your USB stick if you have no Internet connection on this system.
Please post the contents of C:\OTL.Txt and Extras.Txt.

I have attached OTL.txt; Extras.txt was not created.

Edit:
Scans with Malwarebytes found nothing.

I hope you can help me.

Thanks & best regards
Vargo

22.07.2012, 21:16   #2
t'john
/// Helper Team

Fixing with OTLpe

  • Start the unbootable computer again with the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.

  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with the Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:


Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Administrator_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Andi_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: File not found 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - File not found 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - File not found 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found 
O3:64bit: - HKU\Andi_ON_K\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found 
O3 - HKU\Andi_ON_K\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found 
O4:64bit: - HKLM..\Run: [EvtMgr6] File not found 
O4:64bit: - HKLM..\Run: [Launch LCore] File not found 
O4:64bit: - HKLM..\Run: [MSC] File not found 
O4 - HKLM..\Run: [KiesTrayAgent] File not found 
O4 - HKU\Andi_ON_K..\Run: [] File not found 
O4 - HKU\Andi_ON_K..\Run: [acSecurityLayer] File not found 
O4 - HKU\Andi_ON_K..\Run: [KiesHelper] File not found 
O4 - HKU\LocalService_ON_K..\Run: [Sidebar] File not found 
O4 - HKU\NetworkService_ON_K..\Run: [Sidebar] File not found 
O4 - HKU\UpdatusUser_ON_K..\Run: [Sidebar] File not found 
O4 - HKU\Andi_ON_K..\RunOnce: [BrStsW64.exe] File not found 
O4 - HKU\LocalService_ON_K..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_K..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_K..\RunOnce: [mctadmin] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O7 - HKU\Administrator_ON_K\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found 
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found 
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found 
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found 
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found 
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found 
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found 
O18:64bit: - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - File not found 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - File not found 
O30:64bit: - LSA: Security Packages - (livessp) - File not found 
O30 - LSA: Security Packages - (livessp) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell\AutoRun\command - "" = N:\setup.exe 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell\AutoRun\command - "" = L:\Setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 
 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents here into your thread in code tags.
    You can view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.
__________________

23.07.2012, 11:00   #3
vargo

Hi,

thanks for the quick help, I'll test it this evening and then report back.

Regards
Vargo
__________________

23.07.2012, 16:44   #4
t'john
/// Helper Team

All right!
__________________
Regards, t'john

23.07.2012, 17:14   #5
vargo

Hello,

I just ran the fix; there were improvements, but I still have problems.

I was able to log on to the machine with another user, but the normal user still doesn't work.

I then ran OTL again, and here is the result. I have also attached the result log from the fix.

Thanks in advance
vargo


23.07.2012, 17:23   #6
t'john
/// Helper Team

Fixing with OTLpe

  • Start the unbootable computer again with the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.

  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with the Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:


Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3554233003-3783668125-3926761605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.selectedEngine: "" 
FF - prefs.js..browser.startup.homepage: "http://www.google.at" 
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112036&tt=220512_53all&babsrc=KW_ss&mntrId=aa94a86f00000000000000ffc7eea121&q=" 
FF - prefs.js..network.proxy.type: 0 
File not found (No name found) -- 
O4 - HKU\S-1-5-21-3554233003-3783668125-3926761605-1000..\Run: [] C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe () 
O4 - HKU\S-1-5-21-3554233003-3783668125-3926761605-1000..\Run: [KiesHelper] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell\AutoRun\command - "" = N:\setup.exe 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell\AutoRun\command - "" = L:\Setup.exe 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 
[2012.07.13 15:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90007DE74026EDA02F875EF60 
 
[2012.07.13 15:53:31 | 000,000,000 | ---D | M] -- C:\ProgramData\7531CCA90007DE74026EDA02F875EF60 

[2012.05.28 13:12:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Babylon 
[2012.05.28 13:12:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon 

[2012.07.13 15:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90007DE74026EDA02F875EF60 
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Xyav 
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Xaecl 
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Esny 
[2012.07.13 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Esny 
[2012.07.13 15:53:31 | 000,000,000 | ---D | M] -- C:\ProgramData\7531CCA90007DE74026EDA02F875EF60 
[2012.07.13 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\hellomoto 
[2012.07.13 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\hellomoto 

[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 

[2011.11.17 18:24:01 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess 
:Files
C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe
C:\Users\Andi\AppData\Roaming\hellomoto

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents here into your thread in code tags.
    You can view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.
__________________
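
The triage behind the fix script above, picking the autorun entry that points into the user's Temp folder out of the O4 lines of the scan, can be sketched as follows. This is an added example, not part of the thread and not OTL's own code; the regular expressions and flag rules are assumptions based on the O4 line format seen in this thread, and the `ExampleTray` line is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# O4 lines as they appear in the thread's OTL output, e.g.
#   O4 - HKU\<SID>..\Run: [name] <target> (<publisher>)
#   O4:64bit: - HKLM..\Run: [name] File not found
O4_RE = re.compile(
    r"^O4(?P<x64>:64bit:)? - (?P<hive>HK.+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# Target path followed by the publisher in parentheses; the path itself may
# contain parentheses ("Program Files (x86)"), so the publisher is anchored
# to the end of the line.
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<publisher>[^()]*)\)$")
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(?:appdata\\(?:local|locallow|roaming)|temp|programdata)\\", re.I
)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: Optional[str] = None
    publisher: Optional[str] = None
    flags: set = field(default_factory=set)
    verdict: str = "ok"


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one OTL O4 (Run/RunOnce) line; return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = Autorun(m["hive"], m["key"], m["name"])
    rest = m["rest"].strip()
    if rest == "File not found":
        # Registry value whose target is gone: cleanup item, not a live autorun.
        entry.flags.add("orphaned")
        entry.verdict = "orphaned"
        return entry
    t = TARGET_RE.match(rest)
    entry.path = t["path"] if t else rest
    entry.publisher = t["publisher"] if t else None
    if entry.name == "":
        entry.flags.add("empty-value-name")
    if USER_WRITABLE_RE.search(entry.path):
        entry.flags.add("user-writable-path")
    if not entry.publisher:
        entry.flags.add("no-publisher")
    # Assumed rule: a user-writable target plus one more anomaly is suspicious;
    # any single anomaly on its own only merits a manual look.
    if "user-writable-path" in entry.flags and len(entry.flags) > 1:
        entry.verdict = "suspicious"
    elif entry.flags:
        entry.verdict = "review"
    return entry


def triage(log_text: str) -> list:
    """Return the parsed O4 entries of an OTL log, in log order."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e is not None]


# First three O4 lines are taken from the thread; the ExampleTray line is
# constructed to show a signed, normally installed autorun.
SAMPLE = r"""
O4 - HKU\S-1-5-21-3554233003-3783668125-3926761605-1000..\Run: [] C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKU\S-1-5-21-3554233003-3783668125-3926761605-1000..\Run: [KiesHelper] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4:64bit: - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe (Example Corp)
O32 - HKLM CDRom: AutoRun - 1
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.verdict:10} {e.hive}\\..\\{e.key} [{e.name}] "
              f"{e.path or '-'} {sorted(e.flags)}")
```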

23.07.2012, 18:07   #7
vargo

Hi,
I applied the fix; the report is below. I can now get into the system with my user again.
Now, after logging on, an Internet Explorer window opens with the message that the website cannot be reached. I can start Explorer via Task Manager + Run and explorer.exe, but nothing works towards the Internet.

The network settings are OK, DNS etc. works too (tested with ping).

Malwarebytes still finds no malware. Do you perhaps have any more ideas about what I could do?
Regards
Vargo

Code:
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Administrator_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Andi_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\Adobe Reader\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_USERS\Andi_ON_K\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\Andi_ON_K\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Launch LCore deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Registry key HKEY_USERS\Andi_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Andi_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Andi_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\NetworkService_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\UpdatusUser_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Andi_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\LocalService_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_K\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\Administrator_ON_K\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Andi_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\UpdatusUser_ON_K\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Andi_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\UpdatusUser_ON_K\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dvd\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\ not found.
File {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tv\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\ not found.
File {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\x-owacid\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0215258f-f0a8-49de-bf1b-0ff02eda8807}\ not found.
File {0215258f-f0a8-49de-bf1b-0ff02eda8807} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Security Packages:livessp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Security Packages:livessp deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
N:\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
File L:\Setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
D:\cmd.bat deleted successfully.
D:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: awagner
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105096630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
 
Total Files Cleaned = 100.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: awagner
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07232012_211813

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dvd\ scheduled to be deleted on reboot.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tv\ scheduled to be deleted on reboot.
         

23.07.2012, 18:26   #8
t'john
/// Helper Team

Remove incorrect proxy settings
  • In the Start menu, under "Settings", click "Control Panel" -> "Internet Options".
  • Select the "Connections -> LAN settings" tab and check whether the Proxy server box is ticked;
    if so -> untick it, then -> OK (unless it is a correct entry)



Set it to automatic detection.
__________________
Regards, t'john
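
The proxy check described in the post above can also be read from an OTL log, which records the same Internet Explorer and Firefox settings. The following is an added example, not part of the thread and not code from OTL: the function names are hypothetical, and the `ProxyServer`, `http` and `http_port` sample lines are constructed in the line format the log in this thread uses.

```python
import re

# Line shapes OTL writes in its "Internet Explorer" and "FireFox" sections.
IE_RE = re.compile(
    r'^IE(?::64bit:)? - (HKLM|HKCU)\\.*\\Internet Settings: "(\w+)" = (.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.*)$')

# Meaning of Firefox's network.proxy.type preference.
FF_PROXY_TYPES = {"0": "direct", "1": "manual", "2": "pac",
                  "4": "auto-detect", "5": "system"}

# Two lines quoted from the OTL log posted later in this thread.
THREAD_LINES = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.type: 0
'''

# Constructed sample (not from the thread): a manual proxy set in both browsers.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
'''


def parse_proxy_settings(log_text):
    """Collect the proxy-related values of an OTL log, per browser."""
    ie, firefox = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            hive, name, value = m.groups()
            ie.setdefault(hive, {})[name] = value.strip()
            continue
        m = FF_RE.match(line)
        if m:
            firefox[m.group(1)] = m.group(2).strip().strip('"')
    return {"ie": ie, "firefox": firefox}


def proxy_findings(settings):
    """Return (source, kind, target) tuples worth a manual look.

    kind is "manual" (proxy switched on), "pac" (automatic configuration
    script) or "leftover" (a ProxyServer value with the proxy switched off).
    """
    findings = []
    for hive, vals in sorted(settings["ie"].items()):
        server = vals.get("ProxyServer", "")
        if server:
            kind = "manual" if vals.get("ProxyEnable") == "1" else "leftover"
            findings.append((f"IE {hive}", kind, server))
        if vals.get("AutoConfigURL"):
            findings.append((f"IE {hive}", "pac", vals["AutoConfigURL"]))
    ff = settings["firefox"]
    kind = FF_PROXY_TYPES.get(ff.get("type"))
    if kind == "manual":
        host, port = ff.get("http", ""), ff.get("http_port", "")
        findings.append(("Firefox", "manual", f"{host}:{port}" if port else host))
    elif kind == "pac":
        findings.append(("Firefox", "pac", ff.get("autoconfig_url", "")))
    return findings


if __name__ == "__main__":
    for label, text in (("thread", THREAD_LINES), ("sample", SAMPLE_LOG)):
        print(label, proxy_findings(parse_proxy_settings(text)))
```

For the two lines taken from this thread the function reports nothing, because no proxy is set in either browser.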

23.07.2012, 18:56   #9
vargo

Unfortunately, that wasn't it. When I start IE or Mozilla, the window opens briefly, then freezes and closes again.

There is probably still something in autostart as well, because every time that user logs on, Internet Explorer opens in full-screen mode with the message "page not found". So just like with the trojan, with the difference that I can now start other programs via Task Manager.

Should I scan again with OTL?

edit:

If I just wait a while, the full-screen IE closes by itself and I get a window titled Smoni with the warning "Windows sockets initialization failed". When I click OK there, the window disappears and that's it.

Regards
Vargo

Edited by vargo (23.07.2012 at 19:05)

23.07.2012, 21:39   #10
t'john
/// Helper Team

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box next to "Scan All Users"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt into your thread here
__________________
Regards, t'john

24.07.2012, 17:29   #11
vargo

Hello,

here is the report

Thanks & regards
Vargo

Code:
OTL logfile created on: 24.07.2012 22:10:21 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = Y:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,13% Memory free
15,96 Gb Paging File | 14,32 Gb Available in Paging File | 89,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 176,34 Gb Total Space | 107,49 Gb Free Space | 60,96% Space Free | Partition Type: NTFS
Drive D: | 169,24 Gb Total Space | 75,99 Gb Free Space | 44,90% Space Free | Partition Type: NTFS
Drive E: | 585,84 Gb Total Space | 340,39 Gb Free Space | 58,10% Space Free | Partition Type: NTFS
Drive G: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 232,88 Gb Total Space | 208,24 Gb Free Space | 89,42% Space Free | Partition Type: NTFS
Drive I: | 232,88 Gb Total Space | 189,17 Gb Free Space | 81,23% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,82 Mb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive Y: | 7,42 Gb Total Space | 3,99 Gb Free Space | 53,78% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 18:08:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- Y:\OTL.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.09.01 16:34:14 | 001,008,800 | ---- | M] (A-Trust GmbH) -- C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.23 19:37:48 | 000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.11.19 13:18:19 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.11.19 13:18:19 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.10.13 16:23:04 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.13 16:20:08 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2011.08.15 09:51:09 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.08.15 09:51:09 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 10:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 10:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2009.12.12 01:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.08.10 12:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010.12.29 11:26:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/04/11 13:21:56] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010.11.03 20:09:58 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 AE 5C E5 88 36 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112036&tt=220512_53all&babsrc=SP_ss&mntrId=aa94a86f00000000000000ffc7eea121
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFFD3BD-C7F5-4C52-B12C-571744CBC480}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112036&tt=220512_53all&babsrc=KW_ss&mntrId=aa94a86f00000000000000ffc7eea121&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.10.27 15:32:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.14 13:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.26 20:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2012.07.17 15:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\leciblua.default\extensions
[2012.07.17 15:42:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\leciblua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.23 16:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.23 16:23:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.28 13:12:08 | 000,002,355 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [] C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe File not found
O4 - HKCU..\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\RunOnce: [BrStsW64.exe] C:\Program Files (x86)\Brownie\BrStsW64.exe (brother)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Broken Internet access at catalog 000000000007
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C2C17D-5D0E-4628-BEB8-60FA4CC8FA6A}: NameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012.06.02 10:19:54 | 000,000,122 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell\AutoRun\command - "" = N:\setup.exe
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell - "" = AutoRun
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Andi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpReg: acSecurityLayer - hkey= - key= - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: BrStsWnd - hkey= - key= - C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: Xvid - hkey= - key= - C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.23 17:44:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.22 18:20:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.15 18:50:27 | 000,000,000 | R--D | C] -- C:\Users\Andi\CloudStation
[2012.07.15 18:49:24 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
[2012.07.15 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\CloudStation
[2012.07.15 17:59:28 | 000,000,000 | ---D | C] -- C:\Log
[2012.07.13 19:34:33 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Mikrotik
[2012.07.13 15:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90007DE74026EDA02F875EF60
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Xyav
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Xaecl
[2012.07.13 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Esny
[2012.07.13 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\hellomoto
[2012.07.13 14:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology
[2012.07.12 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Andi\.pdfsam
[2012.07.12 19:22:45 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012.07.12 19:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam
[2012.07.07 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\SumatraPDF
[2012.07.07 20:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF
[2012.07.07 14:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAR Password Recovery Magic
[2012.07.07 14:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012.07.07 14:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2012.06.29 19:27:50 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.06.29 19:27:50 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.06.29 19:27:32 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.06.29 19:27:32 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.06.29 19:27:32 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.06.29 19:27:32 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.06.29 19:27:32 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 22:13:04 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.24 22:13:04 | 000,698,960 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.24 22:13:04 | 000,654,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.24 22:13:04 | 000,149,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.24 22:13:04 | 000,122,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 22:11:31 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 22:11:31 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 22:04:30 | 000,000,293 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.07.24 22:04:25 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 22:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 22:04:00 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 02:03:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 15:22:49 | 000,007,630 | ---- | M] () -- C:\Users\Andi\AppData\Local\Resmon.ResmonCfg
[2012.07.15 12:17:05 | 000,425,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.13 18:14:23 | 000,000,600 | ---- | M] () -- C:\Users\Andi\AppData\Local\PUTTY.RND
 
========== Files Created - No Company Name ==========
 
[2012.07.13 18:14:23 | 000,000,600 | ---- | C] () -- C:\Users\Andi\AppData\Local\PUTTY.RND
[2012.07.07 20:45:40 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012.06.02 13:21:06 | 011,583,488 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Sandra.mdb
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.12 11:28:46 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.04.05 17:40:14 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.10.16 20:18:03 | 000,000,608 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\AutoGK.ini
[2011.10.14 13:54:24 | 000,037,270 | ---- | C] () -- C:\Windows\SysWow64\OggDSUninst.exe
[2011.10.13 11:45:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.10.13 11:45:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.26 20:58:15 | 000,000,041 | ---- | C] () -- C:\Users\Andi\dlmgr_.pro
[2011.09.20 18:15:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.09.11 12:22:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2011.07.31 17:33:56 | 000,007,630 | ---- | C] () -- C:\Users\Andi\AppData\Local\Resmon.ResmonCfg
[2011.06.29 20:55:59 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.06.29 20:55:59 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.06.29 20:55:58 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2150N.INI
[2011.06.29 20:55:58 | 000,000,470 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.29 20:55:58 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.06.29 20:55:30 | 000,000,052 | ---- | C] () -- C:\Windows\SysWow64\bd2150n.dat
[2011.06.29 20:55:10 | 000,000,293 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.06.29 20:37:13 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.29 19:52:15 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.29 19:52:12 | 000,025,354 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.07.26 17:12:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\A-Trust GmbH
[2012.05.28 13:12:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Babylon
[2011.12.23 15:43:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\calibre
[2011.10.20 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited
[2011.06.29 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2011.06.29 19:59:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DeviceVm
[2012.04.01 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DVDFab
[2012.07.13 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Esny
[2011.09.30 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Firefly Studios
[2011.10.18 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\FreeFLVConverter
[2012.07.13 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\hellomoto
[2012.07.15 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Kalypso Media
[2011.11.20 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KeePass
[2011.11.23 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Leadertech
[2011.06.29 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Lionhead Studios
[2012.07.13 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Mikrotik
[2011.09.11 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\mkvtoolnix
[2011.11.08 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Mp3tag
[2011.07.31 16:34:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Notepad++
[2012.05.28 13:11:53 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\pdfforge
[2011.07.23 09:33:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Red Kawa
[2011.10.29 11:38:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\RIFT
[2011.10.14 13:53:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\River Past G5
[2012.05.08 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung
[2012.07.07 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\SumatraPDF
[2012.07.24 01:42:50 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TeamViewer
[2012.07.01 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Temp
[2011.10.02 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Tropico 4
[2011.12.05 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TS3Client
[2011.11.26 09:55:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ts3overlay
[2012.04.11 16:00:48 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ubisoft
[2012.07.22 10:52:53 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\UseNeXT
[2012.07.14 08:53:31 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Xaecl
[2011.10.14 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\XMedia Recode
[2012.07.15 12:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Xyav
[2011.09.11 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Yamb
[2012.04.29 08:36:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.26 17:12:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\A-Trust GmbH
[2012.02.15 00:15:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Adobe
[2012.01.12 07:41:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Apple Computer
[2012.05.28 13:12:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Babylon
[2011.08.14 11:49:27 | 000,000,000 | R--D | M] -- C:\Users\Andi\AppData\Roaming\Brother
[2011.12.23 15:43:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\calibre
[2011.10.20 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited
[2012.04.11 13:25:42 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\CyberLink
[2011.06.29 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2011.06.29 19:59:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DeviceVm
[2011.10.14 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DivX
[2011.07.31 18:55:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Download Manager
[2012.05.28 17:16:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\dvdcss
[2012.04.01 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DVDFab
[2012.07.13 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Esny
[2011.09.30 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Firefly Studios
[2011.10.18 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\FreeFLVConverter
[2012.07.13 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\hellomoto
[2011.06.29 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Identities
[2011.06.29 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\InstallShield
[2011.06.29 20:04:11 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Intel Corporation
[2012.07.15 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Kalypso Media
[2011.11.20 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KeePass
[2011.11.23 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Leadertech
[2011.06.29 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Lionhead Studios
[2012.06.02 12:46:48 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Logishrd
[2011.11.23 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Logitech
[2011.06.30 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Macromedia
[2011.09.25 16:28:38 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Media Center Programs
[2011.10.16 18:37:20 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Media Player Classic
[2012.07.13 15:53:35 | 000,000,000 | --SD | M] -- C:\Users\Andi\AppData\Roaming\Microsoft
[2012.07.13 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Mikrotik
[2011.09.11 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\mkvtoolnix
[2011.09.26 20:56:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Mozilla
[2011.11.08 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Mp3tag
[2011.07.31 16:34:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Notepad++
[2012.04.12 09:47:05 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\NVIDIA
[2012.05.28 13:11:53 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\pdfforge
[2011.07.23 09:33:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Red Kawa
[2011.10.29 11:38:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\RIFT
[2011.10.14 13:53:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\River Past G5
[2012.05.08 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung
[2012.07.07 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\SumatraPDF
[2012.07.24 01:42:50 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TeamViewer
[2012.07.01 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Temp
[2011.10.02 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Tropico 4
[2011.12.05 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TS3Client
[2011.11.26 09:55:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ts3overlay
[2012.04.11 16:00:48 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ubisoft
[2012.07.22 10:52:53 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\UseNeXT
[2012.04.14 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\vlc
[2012.07.14 08:53:31 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Xaecl
[2011.10.14 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\XMedia Recode
[2012.07.15 12:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Xyav
[2011.09.11 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Yamb
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:11:07 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Andi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.07.14 12:16:25 | 000,029,184 | R--- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
[2011.11.23 13:21:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.06.02 10:17:56 | 000,119,808 | R--- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Installer\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}\icons.exe
[2011.07.12 20:04:20 | 000,010,134 | R--- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.05.04 07:36:58 | 000,955,792 | ---- | M] (Samsung) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.05.04 07:37:02 | 000,278,928 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.05.01 08:03:04 | 000,317,952 | ---- | M] (Samsung) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.03.28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2012.03.28 22:11:58 | 000,297,984 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.05.01 08:02:14 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.05.04 07:37:04 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.05.02 11:33:38 | 000,106,920 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.05.02 11:33:38 | 000,101,288 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.05.04 07:37:08 | 000,183,696 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.05.04 07:37:10 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.03.28 22:10:58 | 024,161,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.05.04 07:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\Andi\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2009.06.29 08:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Yamb\MP4Box.exe
[2011.09.11 11:27:31 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Andi\AppData\Roaming\Yamb\Uninstall.exe
[2009.06.29 14:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Andi\AppData\Roaming\Yamb\Yamb.exe
[2009.05.03 20:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Andi\AppData\Roaming\Yamb\eac3to\eac3to.exe
[2009.06.07 11:10:40 | 002,282,496 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Yamb\mkvextract\mkvextract.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<           >

< End of report >
         

24.07.2012, 21:52   #12
t'john
/// Helper Team

BKA Trojan



Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112036&tt=220512_53all&babsrc=SP_ss&mntrId=aa94a86f00000000000000ffc7eea121 
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} 
IE - HKCU\..\SearchScopes\{BFFFD3BD-C7F5-4C52-B12C-571744CBC480}: "URL" = http://www.google.at/search?q={searchTerms}&rlz= 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.selectedEngine: "" 
FF - prefs.js..browser.startup.homepage: "http://www.google.at" 
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112036&tt=220512_53all&babsrc=KW_ss&mntrId=aa94a86f00000000000000ffc7eea121&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O4 - HKCU..\Run: [] C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe File not found 
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\Shell\AutoRun\command - "" = N:\setup.exe 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell - "" = AutoRun 
O33 - MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\Shell\AutoRun\command - "" = L:\Setup.exe 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] () 
MsConfig:64bit - StartUpFolder: C:^Users^Andi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found 
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
MsConfig:64bit - State: "startup" - Reg Error: Key error. 
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () 

:Files

C:\ProgramData\7531CCA90007DE74026EDA02F875EF60
C:\Users\Andi\AppData\Roaming\hellomoto
C:\Users\Andi\AppData\Roaming\Xyav 
C:\Users\Andi\AppData\Roaming\Xaecl 
C:\Users\Andi\AppData\Roaming\Esny 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Andi\AppData\Roaming\Babylon

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!
__________________
Regards, t'john
Support the TB
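
Added example (not part of t'john's post and not OTL's own code): before a fix script is run, its :Files targets can be cross-checked against the scan log to see whether each one was actually listed and when it was last modified. The function names are hypothetical, the sample lines are excerpted from this thread, and treating a :Files line that ends in /c as a command is an assumption based on how the fix log in this thread echoes `ipconfig /flushdns /c`.

```python
import re
from collections import namedtuple
from datetime import datetime

# Lines excerpted from the scan log and the fix script posted in this thread.
SCAN_LOG = r"""
< %APPDATA%\*. >
[2011.11.20 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KeePass
[2012.07.13 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Esny
[2012.07.13 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\hellomoto
< %APPDATA%\*.exe /s >
[2012.02.15 00:11:07 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Andi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
"""

FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [] C:\Users\Andi\AppData\Local\Temp\rgnygtgcuex.exe File not found
:Files
C:\ProgramData\7531CCA90007DE74026EDA02F875EF60
C:\Users\Andi\AppData\Roaming\hellomoto
C:\Users\Andi\AppData\Roaming\Esny
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""

ScanEntry = namedtuple("ScanEntry", "modified size attrs company md5 path")

# [date time | size | attrs | M] (company) MD5=... -- path
# The company and MD5 fields are optional; directory lines carry neither.
LISTING = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| [A-Z]\] "
    r"(?:\((.*?)\) )?(?:MD5=([0-9A-F]{32}) )?-- (.+)$"
)


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return path.strip().rstrip("\\").lower()


def parse_scan_entries(text):
    """Return {normalised path: ScanEntry} for every listing line in a scan log."""
    entries = {}
    for raw in text.splitlines():
        match = LISTING.match(raw.strip())
        if not match:
            continue  # section headers, blank lines, "Unable to obtain MD5" lines
        stamp, size, attrs, company, md5, path = match.groups()
        entries[norm(path)] = ScanEntry(
            modified=datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S"),
            size=int(size.replace(",", "")),
            attrs=attrs,
            company=company or "",
            md5=md5,
            path=path.strip(),
        )
    return entries


def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks, keyed by lower-case name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review_files_section(script_text, scan_text):
    """Classify each :Files line as 'command', 'listed' or 'not-listed' in the scan."""
    scan = parse_scan_entries(scan_text)
    report = []
    for line in parse_fix_script(script_text).get("files", []):
        if line.lower().endswith(" /c"):  # assumption: /c marks a command line
            report.append(("command", line, None))
            continue
        entry = scan.get(norm(line))
        report.append(("listed" if entry else "not-listed", line, entry))
    return report


if __name__ == "__main__":
    for kind, target, entry in review_files_section(FIX_SCRIPT, SCAN_LOG):
        when = entry.modified.isoformat(" ") if entry else "-"
        print(f"{kind:<11} {when:<20} {target}")
```

A target reported as not-listed only means it does not appear in the scan text that was supplied; with the full OTL.Txt as input, the result covers every section of the log.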

24.07.2012, 22:13   #13
vargo

BKA Trojan



Hi,

here is the resulting log; after restarting, the computer still shows the same problems. I think I'll set the thing up again from scratch.

My question about that: can I safely keep using the data that is not on the system partition, or should I rather format everything?

Regards
Vargo

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFFD3BD-C7F5-4C52-B12C-571744CBC480}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFFD3BD-C7F5-4C52-B12C-571744CBC480}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.at" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=112036&tt=220512_53all&babsrc=KW_ss&mntrId=aa94a86f00000000000000ffc7eea121&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd9efc4-b1df-11e0-a440-f46d0429ba42}\ not found.
File N:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5bb346a-f5a6-11e0-915d-f46d0429ba42}\ not found.
File L:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File move failed. G:\reatogoMenu.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\APSDaemon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.XVID deleted successfully.
C:\Windows\SysWOW64\xvidvfw.dll moved successfully.
========== FILES ==========
C:\ProgramData\7531CCA90007DE74026EDA02F875EF60 folder moved successfully.
C:\Users\Andi\AppData\Roaming\hellomoto folder moved successfully.
C:\Users\Andi\AppData\Roaming\Xyav folder moved successfully.
C:\Users\Andi\AppData\Roaming\Xaecl folder moved successfully.
C:\Users\Andi\AppData\Roaming\Esny folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\Andi\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
Y:\cmd.bat deleted successfully.
Y:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 50775 bytes
->Temporary Internet Files folder emptied: 22687386 bytes
->Java cache emptied: 11925 bytes
->FireFox cache emptied: 6461099 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Andi
->Temp folder emptied: 997384227 bytes
->Temporary Internet Files folder emptied: 2169670661 bytes
->Java cache emptied: 23007992 bytes
->FireFox cache emptied: 174011446 bytes
->Flash cache emptied: 215452 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30436 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.236,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Andi
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_030321

Files\Folders moved on Reboot...
File\Folder G:\reatogoMenu.exe not found!
C:\Users\Andi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File G:\reatogoMenu.exe not found!
File C:\Users\Andi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

25.07.2012, 00:05   #14
t'john
/// Helper Team
 

A reinstall is of course the simpler option here!

Quote:
My question on that: can I safely keep using the data that is not on the system partition, or should I rather format everything?
We can check that.

One more thing, please:

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" ("Perform full scan") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" ("Show Results").
__________________
Regards, t'john

25.07.2012, 07:14   #15
vargo
 

Hi,

Here is the log from Malwarebytes. I could not update to the newest DB version because an error message comes up when I try.
The DB is from 22.07.

Nothing was found.

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.22.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Andi :: DESKTOP [Administrator]

Schutz: Deaktiviert

25.07.2012 10:59:42
mbam-log-2012-07-25 (10-59-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 535334
Laufzeit: 43 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
