| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.07.2012, 23:06
| #1 |
 |  BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Hallo, habe gestern abend, kurz nachdem ein popup aufging, den Sperrbildschirm des Trojaners bekommen. Habe dann erstmal neu gestartet, nach kurzem Laden des Desktops, kam sofort wieder der Sperrbildschirm. Habe den Laptop dann ausgeschaltet und komplett vom Netz genommen. Bin dann an einem anderen Rechner zur Internetrecherche zum Thema übergegangen. Habe dann schnell herausgefunden, dass es ja ein weit verbreitetes Problem ist. Laut der Übersicht auf bka-trojaner.de handelt es sich um Version 1.03, da mir genau dieses Bild angezeigt wurde (allerdings nicht in einem Browserfenster mit der rot umrandeten IP-Adresse, sondern als Vollbild). Ich habe dann auf dem zweiten Rechner Malwarebytes heruntergeladen und auf einen USB-Stick kopiert. Den Laptop dann im abgesicherten Modus gestartet, in der Eingabeaufforderung 'msconfig' aufgerufen und im Reiter Systemstart nach einem unbekannten, mir verdächtigen Programm gesucht (wie es auf botfrei.de von einigen empfohlen und wohl gemacht worden war). Habe dort dann dies gefunden: C:\Users\XXXXXX\AppData\Roaming\Ozzey\somu.exe Nachdem ich das Häkchen entfernt und die Einstellungen übernommen hatte, kam ich nach dem Neustart wieder ganz normal auf meinen Desktop. Ich habe dann vom USB-Stick Malwarebytes kopiert und installiert. Habe die externe Festplatte, die zum Zeitpunkt des Auftretens des Sperrbildschirmes angeschlossen war, wieder angeschlossen und mit Malwarebytes einen vollständigen Suchlauf der Festplatte des Laptops und der externen Festplatte gestartet: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XXXXXX :: XXXXXX-PC [Administrator] Schutz: Aktiviert 26.07.2012 23:22:01 mbam-log-2012-07-26 (23-22-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 376493 Laufzeit: 1 Stunde(n), 27 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Fabian\AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) -> Löschen bei Neustart. (Ende) Code:
ATTFilter ADWARE/Adware.Gen
JS/Dldr.Expack.AY.3 (den sogar zweimal)
Als ich heute abend nach Hause kam, habe ich nochmal einen Quick Scan mit Malwarebytes durchgeführt: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.27.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XXXXXX :: XXXXXX-PC [Administrator] Schutz: Aktiviert 27.07.2012 22:33:54 mbam-log-2012-07-27 (22-33-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200057 Laufzeit: 4 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 1.) Kann ich feststellen, ob ich diesen Trojaner wirklich los bin? Besteht dafür überhaupt die Chance? Die Dinger sind ja meiner Recherche zufolge extrem schwer zu beseitigen und letztlich bringt nur eine Neuinstallation Gewissheit. 2.) Wenn ich Windows nun schon früher neu aufsetzen muss (ich wollte das eigentlich erst gegen Ende des Jahres wieder machen), kann ich sicherstellen, dass Dateien, die ich nun auf eine externe Festplatte sichere nicht auch bereits infiziert sind? Sonst würde ich den Trojaner ja nur wieder mit aufs neu aufgesetzte System bringen. Von den meisten wichtigen Dateien habe ich bereits Back-ups, es sind aber einige aktuellere Videoaufnahmen vom Sport und neuere Fotos auf dem Laptop, die ich noch nicht gesichert hatte. Vielen lieben Dank schonmal vorab für Eure Hilfe! Geändert von FJ1 (27.07.2012 um 23:11 Uhr) Grund: Rechtschreibung, Vollständigkeit |
|
28.07.2012, 14:37
| #2 |
| /// Helfer-Team  | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
28.07.2012, 19:17
| #3 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Hallo t'John,
__________________zunächst einmal danke für die schnelle Antwort! Hier der Log von Mawarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.28.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XXXXXX :: XXXXXX-PC [Administrator] Schutz: Aktiviert 28.07.2012 18:01:33 mbam-log-2012-07-28 (18-01-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 375035 Laufzeit: 1 Stunde(n), 27 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter List index out of bounds (21)
Code:
ATTFilter Application Event Log record 34796...
Es wurde jedenfalls nur ein OTL-Log erstellt: Code:
ATTFilter OTL logfile created on: 28.07.2012 20:35:30 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\XXXXXX\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,12% Memory free 9,66 Gb Paging File | 7,52 Gb Available in Paging File | 77,91% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,94 Gb Total Space | 153,72 Gb Free Space | 33,86% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 245,29 Gb Free Space | 52,66% Space Free | Partition Type: NTFS Drive H: | 3,68 Gb Total Space | 3,04 Gb Free Space | 82,64% Space Free | Partition Type: FAT32 Computer Name: XXXXXX-PC | User Name: XXXXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXXXXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h7b6l0480z1k5f4531y221 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE392 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:38580 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:47:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:41:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:47:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:41:58 | 000,000,000 | ---D | M] [2010.08.10 17:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions [2012.06.28 23:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions [2012.03.11 04:09:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.28 22:50:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\battlefieldheroespatcher@ea.com [2012.03.17 21:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.19 11:47:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.11 19:57:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKCU..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m File not found O4 - HKCU..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 File not found O4 - Startup: C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4523D4B-5B1C-46B0-BCB4-DADC90C2FB42}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk F:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.28 19:48:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXX\Desktop\OTL.exe [2012.07.28 17:56:35 | 000,000,000 | R--D | C] -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.07.28 17:53:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XXXXXX\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.28 13:24:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4BBED1E0-B70B-46F1-9552-DA352D769631} [2012.07.28 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{DB7AC883-CC7D-4FC7-88F0-6D8210AE9FF1} [2012.07.28 01:19:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{F80B78E6-E6E5-47EC-91AA-3D8AEF2A490E} [2012.07.28 01:19:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{8D57A475-5162-4BE8-93BF-0D17178BADF4} [2012.07.27 13:18:44 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{7C4AA882-5BC8-4145-86C1-3A5582BDF930} [2012.07.27 13:18:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B13F20F2-9F40-40F7-AFA8-AD21EE1800AC} [2012.07.27 01:18:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{7A05451A-DCA2-473E-BF6C-1049EDE5DA18} [2012.07.27 01:18:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{40264782-6182-4BE7-8588-9A270FBC35D7} [2012.07.26 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes [2012.07.26 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.26 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.26 23:14:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.26 23:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.26 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Uhmon [2012.07.26 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Ozzey [2012.07.26 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{F6F0E131-B697-441C-B46D-8C2C1E2DF5FD} [2012.07.26 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{28E29578-86A1-4989-9AA7-C626933E2486} [2012.07.26 01:17:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{354EDBDC-FCA2-411A-A29B-D5EB7053D2EF} [2012.07.25 13:17:06 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0003F6E7-1FC6-4113-834D-593BF2DD480A} [2012.07.25 13:16:56 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CBF8D7F3-7D26-4BFD-9194-B2392B028CD7} [2012.07.25 01:16:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{DD36A816-AEE4-45D5-BD2E-EC4DE4517404} [2012.07.25 01:16:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{52A2EBB8-F4B6-4417-B06D-089E91EFA4B9} [2012.07.24 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E2F8605E-3151-4E6C-A9F1-82568E7E4F68} [2012.07.24 13:15:45 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4AAE2E5A-9CD1-468B-8F23-1CC5C3DB1866} [2012.07.24 01:15:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{178C7E79-FFCF-43D9-A330-5FF7FAC42CE5} [2012.07.24 01:15:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{87754487-EC2C-43D0-A07D-C01EDF76215C} [2012.07.23 09:55:55 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{797DDEF5-13F5-43FC-AD27-EBD1D66A102D} [2012.07.23 09:55:44 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3EF3B728-0C19-41F0-8381-3880B3AC79DB} [2012.07.22 23:44:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\Desktop\Youtubevideos [2012.07.22 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B088944A-39F5-43A2-AB99-818F10106461} [2012.07.22 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{8BB71888-EFC3-4AE7-823E-CF9A089ABE0B} [2012.07.22 02:56:45 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{983779AB-E250-4F62-A62B-60B32C4D88DB} [2012.07.21 21:14:16 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.07.21 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\Desktop\Youtube [2012.07.21 14:56:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EA240C48-F345-448C-92EE-9ED2A1D35E62} [2012.07.21 14:56:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{C0179C63-94F5-429C-BAFD-1ECEA3478FF6} [2012.07.21 01:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{7133F436-4BE8-4F22-9290-07045029DDB2} [2012.07.21 01:35:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4A4177D6-BCFD-4305-9BB0-D18F5D16B7E6} [2012.07.20 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{D7B205DA-0788-4DB7-894B-B7CC1A0F126A} [2012.07.20 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{9BE7DE50-B035-487E-8076-DC68C1B5520E} [2012.07.20 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Amazon [2012.07.20 03:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.07.20 03:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2012.07.20 01:34:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CDBA09E3-6C27-47AC-AE79-093E3ED3013F} [2012.07.20 01:33:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{270F12C5-6B0A-4F89-8A83-8BAFEB89A163} [2012.07.19 13:33:35 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{85E51522-23CF-44CF-B529-8A7A2170783C} [2012.07.19 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{870343A4-8AC1-4CDD-A846-FE9D7F21916F} [2012.07.19 01:32:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{830BF0A7-EF65-4920-9CCE-9DB3017FBE22} [2012.07.19 01:32:49 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{508AB302-CBA9-42B3-87FA-ED7DF08AC653} [2012.07.18 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{126471D7-9F4A-4F97-BE62-30F0C4457445} [2012.07.18 13:31:42 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B3584E33-A705-48C2-BE0E-C11F72231A43} [2012.07.17 23:22:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{72A4A0E3-F1EF-4D2C-BAE9-8BF2B3F9D758} [2012.07.17 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{202F0EC1-5A87-4377-94E7-916D34AD85AD} [2012.07.17 11:22:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{20C9528D-EF6F-4366-BEA4-97837BEC1B06} [2012.07.16 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{A3CC4432-59D5-40DE-AF2F-5FBBC524B1E1} [2012.07.16 11:21:15 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{18FD41F6-F81F-4F6F-B6CE-19365140C607} [2012.07.16 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EB89F5B6-D731-471E-AE5C-74EB5DFD076D} [2012.07.16 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{808C6DE3-0FA8-4DDF-AB11-AEB6494437F5} [2012.07.16 11:20:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4C11E1C9-07DB-4D60-AAA3-0032A2EC9ADF} [2012.07.15 23:20:18 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E4F766C3-A630-4666-9159-C8EEA0DC4E1D} [2012.07.15 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B0FCE714-52B8-4EAC-8599-679FF510FCED} [2012.07.15 11:19:06 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{13565041-1B0A-46C5-8626-8F701A4D86B6} [2012.07.14 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4D4EE030-B998-4247-97EB-CB56F6C0DFBC} [2012.07.14 21:34:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EE85CCF0-9598-4E3C-B038-4585D8B98684} [2012.07.14 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E952BFA2-AEF6-4F75-9CE3-3547FB4E888A} [2012.07.14 09:33:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{76E94A47-42B4-421C-93BD-0E315DC35F51} [2012.07.13 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E2D7F5F7-0E95-4B4C-92B4-8D75E3A5CBAA} [2012.07.13 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{06922B18-C60C-42CA-9EE4-DD803C040706} [2012.07.13 08:38:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{D6CBAEB0-75E5-4BF3-80FA-E589A8923E45} [2012.07.13 08:37:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{BDD8304E-90AF-4B83-945D-D11773E26B29} [2012.07.12 13:44:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{56E085BB-7C29-45AF-9D4C-67F2988E78E6} [2012.07.12 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{24D1BABC-30FB-4632-B0C6-8023762C1A20} [2012.07.12 00:59:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{22ED7A1F-4D88-4B7D-A1EC-705F50A07190} [2012.07.12 00:59:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B6E1B059-A421-4EB3-9338-2CB366F35732} [2012.07.12 00:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 00:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.12 00:55:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.12 00:55:22 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.12 00:55:22 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 12:58:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EC2E2C81-75A2-47F1-9C07-DF1D6CE878F4} [2012.07.11 12:58:33 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{A661BAEF-DCD9-42A1-878B-581B370CDA90} [2012.07.10 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4D3CFE13-4460-4021-AE34-80A0973B5CCB} [2012.07.10 18:39:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4FA4BA6C-5321-49FF-A343-1CFF0E3D9064} [2012.07.10 00:54:26 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4D3213CC-B25B-4CC2-ABB6-3F77BA8FBA5A} [2012.07.09 12:54:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{53380625-2039-4336-9F03-A78CBB6D457E} [2012.07.09 12:53:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{506C2F9C-DF2C-4F7C-B3F3-0ECD17E20EEE} [2012.07.09 00:53:27 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{225C0C50-2952-4000-BEF4-AAE9FFF971C8} [2012.07.08 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{375714FF-79A7-4F1C-B911-002E70AFB642} [2012.07.08 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0F240991-250B-4FD4-86AA-2153584F617D} [2012.07.08 12:35:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\Desktop\UFC 148 [2012.07.08 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EFFA3843-FE8C-4629-9E79-17F44366483D} [2012.07.08 00:52:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0B7508FA-D4B9-4B37-9ED9-5A336B4800C7} [2012.07.07 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4815CFDD-26DC-4213-AF31-8D0DE7DB9439} [2012.07.07 12:51:39 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{04FD2925-1027-424D-B3FD-E5A88202F3D8} [2012.07.06 21:20:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{19135967-34D3-47DD-AC04-0C6C205A6F3F} [2012.07.06 21:19:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{1F6BD598-1D40-4949-A186-AB969BC7C321} [2012.07.06 09:19:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{5A032971-85AF-4B52-A470-6335A655F8B2} [2012.07.06 09:19:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{46B31B05-14BB-4093-8AEA-0ADC38237962} [2012.07.05 16:13:13 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{F7A02ED1-3CB1-4D1C-A8DC-3889766D199B} [2012.07.05 16:13:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{5AEDAEF3-0D08-4523-B688-48A7E0BFF63A} [2012.07.05 00:40:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{40A6E160-030E-465D-B261-336C78F37034} [2012.07.04 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0B6E1BBB-BE19-4FA8-9963-53C30F7BADC9} [2012.07.04 12:40:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{83D71785-010F-49D4-935D-53EB0886E192} [2012.07.04 00:31:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{98225549-DFB0-4DBA-B0A0-84A268087B46} [2012.07.03 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{1161508C-D45C-46E3-8E3F-4D1D86D3DC03} [2012.07.03 12:31:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CAD85856-552A-438B-BD5C-DB45AE72340A} [2012.07.03 00:16:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{AAA48B1E-19D8-4886-9C63-60BFACCA7844} [2012.07.03 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{9DD8C333-436A-474D-89C3-520DF1120DFC} [2012.07.02 12:15:34 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{9CDA92E3-018F-456A-B770-D2DE10D149F6} [2012.07.02 12:15:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{26D17928-C3B9-4875-B109-E17A27402CF6} [2012.07.01 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3103609E-D29C-4C49-9914-95F942DEF3BE} [2012.07.01 13:06:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{F94DA06B-13ED-4798-B0EA-0631C88F12E0} [2012.06.30 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{14EC77E1-3FB5-4561-98BC-C2EFA26E5D3C} [2012.06.30 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{2BC7C4ED-B278-4883-B24E-39006553A0FD} [2012.06.29 17:11:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{7AFA251A-F6C2-46E8-B372-EDBB77ADDB89} [2012.06.29 17:11:42 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{952A0AEF-B184-4628-AF2D-C4402FF44ADA} [2012.06.29 02:19:54 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{6A1E47E8-8644-4C7F-9944-D424B4414597} [2012.06.29 02:19:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{DE81DB72-A3FD-481F-9AC1-83083426614B} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.28 19:48:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXX\Desktop\OTL.exe [2012.07.28 18:03:25 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.28 18:03:25 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.28 17:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.28 17:55:56 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 17:55:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 17:54:01 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XXXXXX\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.27 20:06:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.27 20:06:12 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.27 20:06:12 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.27 20:06:12 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.27 20:06:12 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.27 19:05:50 | 000,001,410 | ---- | M] () -- C:\Users\XXXXXX\Desktop\Free YouTube to MP3 Converter.lnk [2012.07.24 20:02:38 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 20_02_38.399082.dmp [2012.07.24 19:38:41 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 19_38_41.164357.dmp [2012.07.24 15:26:41 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 15_26_41.337733.dmp [2012.07.24 15:25:30 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 15_25_30.281669.dmp [2012.07.24 01:23:43 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 01_23_43.293023.dmp [2012.07.22 22:21:44 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-22 22_21_44.159250.dmp [2012.07.21 21:14:17 | 000,001,314 | ---- | M] () -- C:\Users\XXXXXX\Desktop\Free YouTube Download.lnk [2012.07.20 03:20:27 | 001,008,736 | ---- | M] () -- C:\Users\XXXXXX\Desktop\AmazonMP3DownloaderInstall.exe [2012.07.17 09:48:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.17 09:48:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.15 12:55:16 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-15 12_55_16.040210.dmp [2012.07.12 08:33:01 | 000,366,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.11 20:25:55 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-11 20_25_55.498569.dmp [2012.07.06 11:59:21 | 000,002,604 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 15:50:16 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-02 15_50_16.761074.dmp [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.28 17:55:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.24 20:02:38 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 20_02_38.399082.dmp [2012.07.24 19:38:41 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 19_38_41.164357.dmp [2012.07.24 15:26:41 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 15_26_41.337733.dmp [2012.07.24 15:25:30 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 15_25_30.281669.dmp [2012.07.24 01:23:43 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-24 01_23_43.293023.dmp [2012.07.22 22:21:44 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1342421813-2012-07-22 22_21_44.159250.dmp [2012.07.21 21:14:17 | 000,001,314 | ---- | C] () -- C:\Users\XXXXXX\Desktop\Free YouTube Download.lnk [2012.07.20 03:20:25 | 001,008,736 | ---- | C] () -- C:\Users\XXXXXX\Desktop\AmazonMP3DownloaderInstall.exe [2012.07.15 12:55:16 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-15 12_55_16.040210.dmp [2012.07.11 20:25:55 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-11 20_25_55.498569.dmp [2012.07.02 15:50:16 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\Documents\ts3_clientui-win32-1340260499-2012-07-02 15_50_16.761074.dmp [2012.04.28 23:17:05 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.28 23:16:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.01.02 14:48:54 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.07.31 20:39:36 | 000,000,222 | ---- | C] () -- C:\Windows\wininit.ini [2011.04.04 13:28:09 | 000,008,192 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.06 03:07:22 | 000,000,815 | ---- | C] () -- C:\Windows\lightworks.ini [2010.10.02 20:41:09 | 000,000,012 | ---- | C] () -- C:\Windows\Recorder.dat [2010.10.02 20:26:47 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2010.08.12 16:20:39 | 000,084,962 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.08.10 17:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.06 02:41:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:5079DADB < End of report > Geändert von FJ1 (28.07.2012 um 20:00 Uhr) Grund: Vollständigkeit |
|
28.07.2012, 20:53
| #4 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:38580
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2012.03.11 04:09:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 22:50:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\battlefieldheroespatcher@ea.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m File not found
O4 - HKCU..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 File not found
O4 - Startup: C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.07.26 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Uhmon
[2012.07.26 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Ozzey
[2012.07.20 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Amazon
[2012.07.20 03:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:5079DADB
[2012.07.28 17:55:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 11:59:21 | 000,002,604 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
28.07.2012, 21:49
| #5 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Hallo t'John, nochmals danke für die rasche Antwort! Hier der OTL-Log: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\battlefieldheroespatcher@ea.com\plugins folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\battlefieldheroespatcher@ea.com\META-INF folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\cilpf5h6.default\extensions\battlefieldheroespatcher@ea.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerSuite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedUpMyPC deleted successfully.
C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk moved successfully.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\XXXXXX\AppData\Roaming\Uhmon folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\Ozzey folder moved successfully.
C:\Users\XXXXXX\AppData\Roaming\Amazon folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon folder moved successfully.
ADS C:\ProgramData\Temp:5079DADB deleted successfully.
File C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk not found.
C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\XXXXXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXXXXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: XXXXXX
->Temp folder emptied: 4094288819 bytes
->Temporary Internet Files folder emptied: 1717863939 bytes
->Java cache emptied: 1279716 bytes
->FireFox cache emptied: 345235277 bytes
->Flash cache emptied: 252038 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 367799274 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6.225,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: XXXXXX
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 07282012_223450
Files\Folders moved on Reboot...
C:\Users\XXXXXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\XXXXXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
In meiner relativ großen Ahnungslosigkeit habe ich, nachdem ich wieder Zugriff auf meinen Desktop hatte, mein Mobiltelefon angeschlossen, um eine handvoll Fotos auf den Rechner zu kopieren. Muss ich mir diesbezüglich Sorgen machen? Vielen Dank für die große Hilfe! |
|
29.07.2012, 13:55
| #6 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Nein, keine Sorge. Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) |
|
29.07.2012, 18:53
| #7 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Hallo t'John, danke für die schnelle Antwort. Windows lädt gefühlt etwas schneller  Hier sind die Logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 XXXXXX :: XXXXXX-PC [Administrator] Schutz: Aktiviert 29.07.2012 17:01:36 mbam-log-2012-07-29 (17-01-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371619 Laufzeit: 1 Stunde(n), 25 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/29/2012 at 19:48:13
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : XXXXXX - XXXXXX-PC
# Running from : C:\Users\XXXXXX\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\cilpf5h6.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1525 octets] - [29/07/2012 19:48:13]
########## EOF - C:\AdwCleaner[R1].txt - [1653 octets] ##########
|
|
29.07.2012, 18:55
| #8 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
29.07.2012, 21:32
| #9 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Super, danke! Hier die beiden neuen Logs: Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/29/2012 at 20:24:45
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : XXXXXX - XXXXXX-PC
# Running from : C:\Users\XXXXXX\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\cilpf5h6.default\prefs.js
C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\cilpf5h6.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1646 octets] - [29/07/2012 19:48:13]
AdwCleaner[S1].txt - [1287 octets] - [29/07/2012 20:24:45]
########## EOF - C:\AdwCleaner[S1].txt - [1415 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 20:36:58
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 29.07.2012 20:37:22
Gescannt 620928
Gefunden 0
Scan Ende: 29.07.2012 22:29:28
Scan Zeit: 1:52:06
Geändert von FJ1 (29.07.2012 um 21:34 Uhr) Grund: Vollständigkeit |
|
29.07.2012, 21:34
| #10 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
29.07.2012, 22:08
| #11 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) "Can not get update. Is proxy configured?" Heißt das ich habe noch irgendetwas an, das verhindert, dass es updaten kann? |
|
30.07.2012, 15:47
| #12 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Falsche Proxy Einstellungen entfernen
  |
|
30.07.2012, 17:54
| #13 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Hi t'john, super, danke. Jetzt hat es geklappt. Hier ist der Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61711af6f4633d42860cdced055c073b
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 03:18:01
# local_time=2012-07-30 05:18:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 24869582 24869582 0 0
# compatibility_mode=5893 16776573 100 94 66286 95291299 0 0
# compatibility_mode=8192 67108863 100 0 65637 65637 0 0
# scanned=85
# found=0
# cleaned=0
# scan_time=32
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61711af6f4633d42860cdced055c073b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 04:48:02
# local_time=2012-07-30 06:48:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 24869687 24869687 0 0
# compatibility_mode=5893 16776573 100 94 66391 95291404 0 0
# compatibility_mode=8192 67108863 100 0 65742 65742 0 0
# scanned=193247
# found=0
# cleaned=0
# scan_time=5327
|
|
30.07.2012, 17:59
| #14 |
| /// Helfer-Team | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Java aktualisieren Deine Javaversion ist veraltet. Da einige Schaedlinge ueber Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen muessen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von SingularLabs herunter und entpacke es auf den Desktop. Nimm die Windows Binary. JavaRA ist geeignet fuer Windows Windows 9x, 2k, XP, Vista, 7. Vista und Windows 7-User muessen die Benuterkontensteuerung deaktivieren, Anleitung siehe unten.
Downloade nun die aktuelle Offline-Version von Java von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also waehrend der Installation den Haken bei der Toolbar entfernen. Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
30.07.2012, 19:16
| #15 |
| | BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) Alles klar soweit, danke! Hier ist die Logdatei von JavaRa: Code:
ATTFilter There was an error removing C:\Users\XXXXXX\Start Menu\Programs\Sun Download Manager 2.0 (local). The error returned was 124.
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jul 30 19:48:18 2012
Found and removed: Applications\java.exe
Found and removed: Applications\javaw.exe
Found and removed: JavaPlugin.FamilyVersionSupport
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.6
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\JavaPlugin
Found and removed: SOFTWARE\Classes\JavaPlugin.160_31
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2
Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5
------------------------------------
Finished reporting.
Bei den Einstellungen von Java wird mir im Moment kein Reiter Update bzw. Aktualisieren angezeigt. Ich nehme an, das liegt daran, dass die Version momentan aktuell ist. |
|
| Themen zu BKA-Trojaner 1.03 - AppData\Roaming\Ozzey\somu.exe (Spyware.Zeus) |
| administrator, anti-malware, aufsetzen, autostart, dateien, einstellungen, explorer, externe festplatte, festplatte, folge, frage, hilfe!, ip-adresse, laptop, löschen, malwarebytes, neu, neu aufsetzen, neustart, popup, problem, probleme, programm, rechner, scan, sperrbildschirm, spyware.zeus, systemstart |
Linear-Darstellung
