| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.08.2012, 16:36
| #1 |
 |  Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Hallo, ich habe nach Eurer Anleitung einen Ukash Bundestrojaner entfernt mittels Kaspersky WinUnlocker. Das hat auch gut funktioniert, ich kam wieder in Win rein (Den Schritt mit dem unlocken von Files habe ich nicht gemacht, da ich keine gelockten Files gefunden habe). Allerdings habe ich nun den Fehler, dass meine LAN Karte ständig behauptet, es sei kein Netzwerkkabel angeschlossen, was definitiv nicht der Fall ist (auch Ersatzkabel habe ich getestet). Alles, was ich versucht habe, hat nicht funktioniert (sfc.exe, Neuinstallation des LAN Kartentreibers, Systemwiederherstellung etc.). Über eine eingebaute WLAN Karte kann ich noch auf das Netz zugreifen (die Connection zum ROuter ist aber instabil, terminiert sich des öfteren selbst, findet keine WLANS). Google hat nicht geholfen. Hat diesen Fehler schonmal jemand gesehen oder einen Ansatz dazu? Eigentlich bin ich nicht der vollkommene Anfänger bei Win 7, aber hier steh ich doch wie Schaf vor Berg... Das hat Malwarebytes als ersten Scan ausgegeben, bevor ich das System gereinigt habe: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.11.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Bastian :: BASTIAN-PC [Administrator] 11.08.2012 11:54:24 mbam-log-2012-08-11 (11-54-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 235642 Laufzeit: 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt. C:\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
11.08.2012, 18:22
| #2 |
| /// Helfer-Team  | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! CustomScan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
__________________ |
|
11.08.2012, 19:03
| #3 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Der [code] Befehl geht nicht, warum auch immer, muss es also als Text posten, sorry.
__________________Geändert von Ozi0815 (11.08.2012 um 19:08 Uhr) |
|
11.08.2012, 19:09
| #4 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! wegeditiert Geändert von Ozi0815 (11.08.2012 um 19:14 Uhr) |
|
11.08.2012, 19:10
| #5 |
| /// Helfer-Team | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! So mache den Scan nochmal und diesmal siehe zu, dass du keinen Muell ins OTL einfuegst, sondern nur das vorgegebene. |
|
11.08.2012, 19:10
| #6 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! wegeditiert |
|
11.08.2012, 19:12
| #7 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Das habe ich, ich stelle es mal auf Minimal Ausgabe. |
|
11.08.2012, 19:14
| #8 |
| /// Helfer-Team | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Wenn du die Anweisungen nicht befolgen moechtest, koennen wir auch hier aufhoeren. |
|
11.08.2012, 19:32
| #9 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr!Code:
ATTFilter OTL logfile created on: 11.08.2012 20:24:26 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Bastian\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,27% Memory free 7,90 Gb Paging File | 5,87 Gb Available in Paging File | 74,29% Paging File free Paging file location(s): u:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,90 Gb Total Space | 6,66 Gb Free Space | 11,91% Space Free | Partition Type: NTFS Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 7,46 Gb Total Space | 7,45 Gb Free Space | 99,94% Space Free | Partition Type: FAT32 Drive U: | 238,47 Gb Total Space | 68,81 Gb Free Space | 28,86% Space Free | Partition Type: NTFS Computer Name: BASTIAN-PC | User Name: Bastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) PRC - C:\Windows\SysWOW64\XSrvSetup.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Bastian\AppData\Local\Temp\sfamcc00001.dll () MOD - C:\Users\Bastian\AppData\Local\Temp\sfareca00001.dll () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP) SRV:64bit: - (D-Link SharePort Plus Helper) -- C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (Windows7FirewallService) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (OTFSDMS) -- C:\Program Files (x86)\AddinForUNCFAT\UNCFATDMS.exe (Microsoft Corp.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT) DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.) DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (tap0801) -- C:\Windows\SysNative\drivers\tap0801.sys (The OpenVPN Project) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 34 9D FF 91 58 CD 01 [binary data] IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 89 93 98 DD FE CC 01 [binary data] IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.68\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.68\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 21:56:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:00:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 21:56:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:00:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.22 13:13:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\mail@shopping-preise.de [2012.08.11 19:31:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\extension@preispilot.com [2012.08.11 19:32:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\firejump@firejump.net [2012.08.11 19:32:04 | 000,000,000 | ---D | M] [2011.01.09 01:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions [2011.01.09 01:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.11 19:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions [2012.03.27 23:46:52 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.02.12 00:10:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.03 00:22:06 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\2020Player_IKEA@2020Technologies.com [2012.08.11 19:32:00 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\extension@preispilot.com [2012.08.11 19:32:04 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\firejump@firejump.net [2012.08.11 19:31:59 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\mail@shopping-preise.de [2012.08.11 19:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\extension@preispilot.com\chrome [2008.07.27 23:18:44 | 000,002,117 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\searchplugins\torrentfile-search.xml [2011.11.09 19:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.30 00:35:58 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IPI6H4B5.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.07.21 22:03:39 | 000,031,929 | ---- | M] () (No name found) -- C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IPI6H4B5.DEFAULT\EXTENSIONS\GEEKCK@FACEBOOK.COM.XPI [2012.07.20 21:56:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.02 09:49:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.02 09:49:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.02 09:49:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.02 09:49:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.02 09:49:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.02 09:49:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [HP CP1020 System Tray] C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE (HP) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OTFSDMS] C:\Program Files (x86)\AddinForUNCFAT\UNCFATDMS.exe (Microsoft Corp.) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\RunOnce: [CTPostBootSequencer] "C:\Users\Bastian\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct File not found O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk = File not found O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (Reg Error: Key error.) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F63FA4-910A-416C-96AA-CB77085B2515}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F9278F9-D70A-44E1-96B2-E9A8221D863F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\null.exe O33 - MountPoints2\{74e61edd-758a-11e1-bd6d-1c6f653cf6e8}\Shell - "" = AutoRun O33 - MountPoints2\{74e61edd-758a-11e1-bd6d-1c6f653cf6e8}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.15 21:39:51 | 000,106,760 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Bastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ET6.lnk - C:\Windows\Installer\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ET6SC.exe_457D7505D6654F9591C3ECB8C56E9ACA.exe - (InstallShield Software Corp.) MsConfig:64bit - StartUpFolder: C:^Users^Bastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Bastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: CmPCIaudio - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ivxe.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QIP2005 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {64196E49-CECE-E490-7348-08BDD8DBBFC1} - Internet Explorer ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {900D26D6-B9E8-CB35-E395-28692311240A} - Microsoft Windows Media Player 12.0 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( ) Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com) Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.11 19:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RT 7 Lite [2012.08.11 19:34:47 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team [2012.08.11 19:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Rockers Team [2012.08.11 19:33:37 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2012.08.11 19:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Langmeier Software [2012.08.11 19:32:00 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon [2012.08.11 19:31:59 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.08.11 19:21:12 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\sata2 [2012.08.11 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\sata [2012.08.11 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\restore tools [2012.08.11 17:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2012.08.11 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2012.08.11 17:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2012.08.11 17:50:32 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Documents\My ISO Files [2012.08.11 17:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.11 17:10:41 | 000,000,000 | ---D | C] -- C:\Downloads [2012.08.11 16:29:57 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\ImgBurn [2012.08.11 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.08.11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.08.11 15:21:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.11 14:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [2012.08.11 11:54:08 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2012.08.11 11:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.11 11:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.11 11:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.09 15:27:42 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Documents\Shiner [2012.08.07 09:40:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.06 14:34:25 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\Handy Backup [2012.08.06 14:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.08.06 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Local\Downloaded Installations [2012.08.06 13:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.08.06 13:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.08.06 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.08.06 11:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link [2012.08.06 11:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link [2012.08.06 11:58:33 | 000,301,128 | ---- | C] (silex technology, Inc.) -- C:\Windows\SysNative\drivers\sxuptp.sys [2012.08.02 11:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.02 11:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.21 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP [2012.07.21 12:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.07.21 12:17:09 | 000,000,000 | ---D | C] -- C:\CP1020_Series_Full_Solution [2012.07.16 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Documents\Telltale Games [2012.07.12 21:50:25 | 000,000,000 | R--D | C] -- C:\Users\Bastian\Documents\Scanned Documents [2012.07.12 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Documents\Fax [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.11 19:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.11 19:40:25 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 19:40:25 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 19:34:47 | 000,002,244 | ---- | M] () -- C:\Users\Bastian\Desktop\RT 7 Lite (64-Bit).lnk [2012.08.11 19:32:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2012.08.11 18:01:04 | 001,682,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.11 18:01:04 | 000,729,104 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.11 18:01:04 | 000,670,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.11 18:01:04 | 000,158,848 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.11 18:01:04 | 000,130,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.11 17:50:35 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012.08.11 17:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.11 17:40:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2012.08.11 17:40:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2012.08.11 17:40:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx [2012.08.11 16:30:43 | 000,002,542 | ---- | M] () -- C:\Users\Bastian\Desktop\Windows 7 USB DVD Download Tool.lnk [2012.08.11 16:24:46 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.08.11 16:18:44 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.08.11 16:18:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.08.11 15:21:47 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 11:48:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad [2012.08.07 09:33:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.08.06 14:06:53 | 000,001,236 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk [2012.08.06 11:58:53 | 000,001,216 | ---- | M] () -- C:\Users\Bastian\Desktop\SharePort Plus.lnk [2012.08.01 00:25:07 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2012.08.01 00:25:07 | 000,001,072 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2012.07.29 14:22:33 | 000,000,492 | RHS- | M] () -- C:\Users\Bastian\ntuser.pol [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.11 20:21:54 | 000,073,402 | ---- | C] () -- C:\Users\Bastian\Desktop\Unbenannt.png [2012.08.11 19:34:47 | 000,002,244 | ---- | C] () -- C:\Users\Bastian\Desktop\RT 7 Lite (64-Bit).lnk [2012.08.11 19:32:10 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Rambazamba.lnk [2012.08.11 19:32:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.08.11 17:50:35 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012.08.11 16:30:43 | 000,002,542 | ---- | C] () -- C:\Users\Bastian\Desktop\Windows 7 USB DVD Download Tool.lnk [2012.08.11 16:24:46 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.08.11 16:24:46 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.08.11 15:21:47 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 11:41:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad [2012.08.06 14:32:25 | 000,129,024 | R--- | C] () -- C:\Windows\SysNative\HPCP1020LM.dll [2012.08.06 14:06:53 | 000,001,236 | ---- | C] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk [2012.08.06 11:58:53 | 000,001,216 | ---- | C] () -- C:\Users\Bastian\Desktop\SharePort Plus.lnk [2012.06.17 18:18:34 | 000,366,080 | R--- | C] () -- C:\Windows\multiflexio.dll [2012.06.17 18:18:34 | 000,235,008 | ---- | C] () -- C:\Windows\scsicomm.dll [2012.06.17 18:18:34 | 000,231,936 | R--- | C] () -- C:\Windows\netcomm.dll [2012.06.17 18:18:34 | 000,226,304 | R--- | C] () -- C:\Windows\hppcompiocomm.dll [2012.06.14 17:47:08 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2012.06.14 17:47:07 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2012.06.14 17:47:04 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2012.06.14 17:47:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2012.06.14 17:47:01 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2012.06.14 17:47:01 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2012.06.14 17:47:01 | 000,017,871 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2012.05.19 20:59:02 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini [2012.05.19 16:35:18 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.05.19 16:35:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.05.19 16:35:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2012.05.19 16:35:00 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2012.05.19 16:34:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.04.14 23:05:51 | 000,003,881 | R--- | C] () -- C:\ProgramData\HPSSOSS.HTM [2012.04.14 23:05:51 | 000,002,944 | R--- | C] () -- C:\ProgramData\HPSSSIG.GIF [2012.03.28 17:53:52 | 000,024,772 | R--- | C] () -- C:\ProgramData\HPSSDEF.CSS [2012.02.24 19:56:39 | 000,000,701 | ---- | C] () -- C:\Windows\Sfc3ng.INI [2011.11.03 13:49:30 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2011.11.03 13:49:30 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2011.10.05 17:37:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 15:50:14 | 000,000,394 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2011.08.29 02:38:34 | 000,000,492 | RHS- | C] () -- C:\Users\Bastian\ntuser.pol [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.14 19:14:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.06.29 12:20:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.06.20 12:47:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.15 16:01:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.06.15 16:01:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.15 16:01:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.15 16:01:00 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011.06.10 18:59:48 | 000,000,684 | ---- | C] () -- C:\Users\Bastian\AppData\Roaming\AutoGK.ini [2011.05.16 10:45:12 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.05.06 17:03:54 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.04.28 19:53:22 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2011.04.12 15:41:18 | 000,000,635 | ---- | C] () -- C:\Windows\STBC.INI [2011.03.21 19:17:04 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.03.10 20:20:59 | 000,072,280 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2011.01.24 17:36:35 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI [2011.01.21 22:10:43 | 000,017,920 | ---- | C] () -- C:\Users\Bastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.18 15:27:50 | 001,703,704 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.17 16:58:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.01.17 16:58:24 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.17 16:58:24 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.11 17:08:08 | 000,000,131 | ---- | C] () -- C:\Windows\CRC.INI [2011.01.10 19:12:16 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.09 02:35:53 | 000,007,603 | ---- | C] () -- C:\Users\Bastian\AppData\Local\resmon.resmoncfg [2011.01.09 01:56:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2011.01.09 01:30:59 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.01.09 01:12:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini ========== LOP Check ========== [2012.03.26 17:50:10 | 000,000,000 | -HSD | M] -- C:\Users\Bastian\AppData\Roaming\.# [2012.05.31 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Acronis [2011.04.30 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Amazon [2011.01.10 19:17:19 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canon [2011.01.09 04:10:04 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DAEMON Tools Lite [2012.08.11 19:32:00 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon [2012.04.26 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoft [2012.04.26 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.05 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\fotw [2011.06.10 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Fraunhofer [2011.02.05 19:17:56 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\FreeFLVConverter [2012.07.01 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\GetRightToGo [2012.08.11 16:30:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ImgBurn [2011.12.18 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Import Audio from Video [2011.04.03 23:50:30 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ips [2012.08.11 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\IrfanView [2012.02.09 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ivacy [2012.05.31 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Kalypso Media [2011.01.09 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Leadertech [2011.01.17 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\mkvtoolnix [2012.05.23 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mount&Blade [2012.05.27 09:38:51 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mount&Blade Warband [2011.01.14 03:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\NBSoftSolutions [2012.04.15 23:58:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Priotecs [2012.02.18 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ProtectDISC [2011.03.21 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ScanSoft [2011.03.16 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Stardock [2012.01.15 00:26:40 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Subversion [2011.03.31 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Sync App Settings [2012.06.22 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\temp [2012.05.06 17:24:30 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\The Creative Assembly [2012.05.31 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Thunderbird [2012.04.14 13:22:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Trillian [2011.01.18 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TuneUp Software [2012.07.01 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ubisoft [2011.01.11 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Uniblue [2011.11.09 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Unity [2011.01.09 03:11:11 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\wargaming.net [2011.11.15 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ypqa [2011.01.19 01:05:02 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Zeon [2012.08.11 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\HTC\AppData\Roaming\HTC [2012.05.27 08:51:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.26 17:50:10 | 000,000,000 | -HSD | M] -- C:\Users\Bastian\AppData\Roaming\.# [2012.05.31 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Acronis [2011.06.08 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Adobe [2011.04.30 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Amazon [2011.09.14 16:35:19 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Apple Computer [2011.01.10 19:17:19 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canon [2011.01.09 04:10:04 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DAEMON Tools Lite [2012.08.11 19:32:00 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon [2011.01.29 11:38:17 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DivX [2011.07.11 19:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\dvdcss [2012.04.26 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoft [2012.04.26 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.05 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\fotw [2011.06.10 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Fraunhofer [2011.02.05 19:17:56 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\FreeFLVConverter [2012.07.01 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\GetRightToGo [2011.10.26 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Hamachi [2012.06.17 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\HP [2012.06.17 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\HpUpdate [2011.01.09 00:29:04 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Identities [2012.08.11 16:30:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ImgBurn [2011.12.18 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Import Audio from Video [2011.05.03 15:09:48 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\InstallShield [2011.04.03 23:50:30 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ips [2012.08.11 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\IrfanView [2012.02.09 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ivacy [2012.05.31 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Kalypso Media [2011.01.09 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Leadertech [2011.04.29 15:57:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Logishrd [2011.10.09 22:27:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Logitech [2011.01.09 01:37:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Macromedia [2012.08.11 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Media Center Programs [2012.04.16 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Media Player Classic [2012.01.14 16:20:22 | 000,000,000 | --SD | M] -- C:\Users\Bastian\AppData\Roaming\Microsoft [2011.01.17 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\mkvtoolnix [2012.05.23 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mount&Blade [2012.05.27 09:38:51 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mount&Blade Warband [2011.01.09 01:10:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mozilla [2011.01.14 03:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\NBSoftSolutions [2011.01.11 19:01:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Nero [2011.08.28 00:26:14 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\NVIDIA [2012.04.15 23:58:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Priotecs [2012.02.18 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ProtectDISC [2011.03.21 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ScanSoft [2011.01.17 17:00:50 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\SecuROM [2012.08.03 12:19:25 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Skype [2011.08.25 12:18:17 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\skypePM [2011.03.16 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Stardock [2012.01.15 00:26:40 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Subversion [2011.03.31 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Sync App Settings [2012.06.22 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\temp [2012.05.06 17:24:30 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\The Creative Assembly [2012.05.31 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Thunderbird [2012.04.14 13:22:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Trillian [2011.01.18 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TuneUp Software [2012.07.01 15:42:40 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ubisoft [2011.01.11 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Uniblue [2011.11.09 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Unity [2012.07.30 18:27:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\vlc [2011.01.09 03:11:11 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\wargaming.net [2011.01.12 11:25:10 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\WinRAR [2011.11.15 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ypqa [2011.01.19 01:05:02 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2012.08.11 19:31:59 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2012.02.17 15:31:16 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{0B6994DB-9B21-40F2-820E-45C477FAA5DC}\ARPPRODUCTICON.exe [2012.08.11 16:30:43 | 000,119,808 | R--- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [2012.08.11 19:34:47 | 000,370,070 | R--- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{DDEBB7D6-671C-468D-98EB-EF9F1A1BC524}\RTWin7Lite.exe [2011.03.22 18:06:12 | 000,010,134 | R--- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.10.28 16:34:06 | 000,018,488 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: AHCIX86S.SYS > [2010.06.23 04:43:10 | 000,210,512 | ---- | M] (Advanced Micro Devices, Inc) MD5=567D091C512084D6AE8B9416EDDA1856 -- C:\Users\Bastian\Desktop\sata2\RAID_w7\W7\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* > [2012.07.12 10:32:50 | 000,000,174 | -HS- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [2011.01.09 01:13:23 | 000,002,018 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2012.08.06 14:06:53 | 000,001,236 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk [2011.05.02 14:11:49 | 000,001,020 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2011.08.26 03:20:34 | 000,001,056 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk < %APPDATA%\*AcroIEH*.* > < %APPDATA%\*.exe > < %APPDATA%\*.tmp > < > < End of report > |
|
11.08.2012, 19:42
| #10 |
| /// Helfer-Team | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - C:\Users\Bastian\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Bastian\AppData\Local\Temp\sfareca00001.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.68\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.68\npGoogleUpdate3.dll File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\RunOnce: [CTPostBootSequencer] "C:\Users\Bastian\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct File not found
O4 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16:64bit: - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\null.exe
O33 - MountPoints2\{74e61edd-758a-11e1-bd6d-1c6f653cf6e8}\Shell - "" = AutoRun
MsConfig:64bit - StartUpFolder: C:^Users^Bastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ET6.lnk - C:\Windows\Installer\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ET6SC.exe_457D7505D6654F9591C3ECB8C56E9ACA.exe - (InstallShield Software Corp.)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ivxe.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QIP2005 - hkey= - key= - File not found
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2012.08.11 11:48:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad
[2012.03.26 17:50:10 | 000,000,000 | -HSD | M] -- C:\Users\Bastian\AppData\Roaming\.#
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
11.08.2012, 19:50
| #11 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! PC hat recht lange zum Hochfahren gebraucht. Es hat sich ein Programm mitgestartet "LS PC Rambazamba". Das ursprüngliche Problem hat sich nicht gelöst. Hier das Log edit: Habe Rambazamba runtergeschmissen, ebenso firefox firejump Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1196053202-3206118027-2483786034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: unplug@compunach:2.047 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CTPostBootSequencer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {1ABA5FAC-1417-422B-BA82-45C35E2C908B}
C:\Windows\Downloaded Program Files\2020Player_IKEA.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1196053202-3206118027-2483786034-1016\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1350df40-717e-11e0-94f0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1350df40-717e-11e0-94f0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1350df40-717e-11e0-94f0-806e6f6e6963}\ not found.
File E:\null.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e61edd-758a-11e1-bd6d-1c6f653cf6e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e61edd-758a-11e1-bd6d-1c6f653cf6e8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HTC Sync Loader\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ivxe.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LightScribe Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QIP2005\ not found.
C:\Windows\SysNative\SETB781.tmp deleted successfully.
C:\Windows\SysNative\SETFA56.tmp deleted successfully.
C:\ProgramData\00etadpu.pad moved successfully.
C:\Users\Bastian\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Bastian\Desktop\cmd.bat deleted successfully.
C:\Users\Bastian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bastian
->Temp folder emptied: 85961251 bytes
->Temporary Internet Files folder emptied: 169374337 bytes
->Java cache emptied: 1234904 bytes
->FireFox cache emptied: 80925912 bytes
->Flash cache emptied: 38332 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: HTC
->Temporary Internet Files folder emptied: 743 bytes
->Flash cache emptied: 53637 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: UpdatusUser.Bastian-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3179651 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 7049098 bytes
Total Files Cleaned = 332,00 mb
[EMPTYFLASH]
User: All Users
User: Bastian
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: HTC
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
User: UpdatusUser.Bastian-PC
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08112012_204526
Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File\Folder C:\Users\Bastian\AppData\Local\Temp\OICE_631FB923-101C-446B-AB16-2BB9FF113B47.0\613E7807. not found!
File\Folder C:\Users\Bastian\AppData\Local\Temp\OICE_630D8910-28F1-4C7A-9CA2-3B57C9016E7C.0\5CD5EC12. not found!
File\Folder C:\Users\Bastian\AppData\Local\Temp\OICE_3342D848-69D6-4520-BDEF-1C18F7C7FB31.0\6FD7D111. not found!
C:\Users\Bastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\logishrd\LVPrcInj05.dll not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj06.dll not found!
PendingFileRenameOperations files...
[2009.07.15 21:39:51 | 000,000,122 | R--- | M] () E:\autorun.inf : MD5=B00D1EABC043412FD9CD13F6FE04202D
File C:\Users\Bastian\AppData\Local\Temp\OICE_631FB923-101C-446B-AB16-2BB9FF113B47.0\613E7807. not found!
File C:\Users\Bastian\AppData\Local\Temp\OICE_630D8910-28F1-4C7A-9CA2-3B57C9016E7C.0\5CD5EC12. not found!
File C:\Users\Bastian\AppData\Local\Temp\OICE_3342D848-69D6-4520-BDEF-1C18F7C7FB31.0\6FD7D111. not found!
File C:\Users\Bastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\logishrd\LVPrcInj05.dll not found!
File C:\Windows\temp\logishrd\LVPrcInj06.dll not found!
Registry entries deleted on Reboot...
Geändert von Ozi0815 (11.08.2012 um 20:11 Uhr) |
|
11.08.2012, 20:14
| #12 |
| /// Helfer-Team | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Wir sind noch nicht fertig. Sehr gut!  1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
11.08.2012, 20:47
| #13 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Ein lupenreiner PC... nur laufen tut er nicht... Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Bastian :: BASTIAN-PC [Administrator] Schutz: Aktiviert 11.08.2012 21:21:26 mbam-log-2012-08-11 (21-21-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|U:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 593320 Laufzeit: 24 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/11/2012 at 21:47:20
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Bastian - BASTIAN-PC
# Running from : C:\Users\Bastian\Desktop\adwcleaner(1).exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [9857 octets] - [11/08/2012 17:38:49]
AdwCleaner[S1].txt - [10203 octets] - [11/08/2012 17:39:31]
AdwCleaner[R2].txt - [963 octets] - [11/08/2012 21:20:32]
AdwCleaner[R3].txt - [1023 octets] - [11/08/2012 21:47:14]
AdwCleaner[R4].txt - [955 octets] - [11/08/2012 21:47:20]
########## EOF - C:\AdwCleaner[R4].txt - [1082 octets] ##########
|
|
11.08.2012, 20:50
| #14 |
| /// Helfer-Team | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Wo ist AdwCleaner[S1].txt ??
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
11.08.2012, 21:04
| #15 |
| | Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! Die ADW logfile ist doch oben gepostet? Eine [S1] File gibt es nicht, wahrscheinlich, weil es nicht das erste Mal ist, dass ich das Programm genutzt habe... Habe ADW nochmal laufen lassen und es gibt eine [S3] File, identischer Inhalt. Hier nochmal: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/11/2012 at 21:59:17
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Bastian - BASTIAN-PC
# Running from : C:\Users\Bastian\Desktop\adwcleaner(1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [9857 octets] - [11/08/2012 17:38:49]
AdwCleaner[S1].txt - [10203 octets] - [11/08/2012 17:39:31]
AdwCleaner[R2].txt - [963 octets] - [11/08/2012 21:20:32]
AdwCleaner[R3].txt - [1023 octets] - [11/08/2012 21:47:14]
AdwCleaner[R4].txt - [1083 octets] - [11/08/2012 21:47:20]
AdwCleaner[S2].txt - [1015 octets] - [11/08/2012 21:59:17]
########## EOF - C:\AdwCleaner[S2].txt - [1143 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 11.08.2012 22:08:33
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, U:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 11.08.2012 22:08:57
C:\Program Files (x86)\PantsOff\PantsOffHk.dll gefunden: Riskware.PSWTool.Win32.Finder.d!E1
Gescannt 888426
Gefunden 1
Scan Ende: 11.08.2012 22:28:33
Scan Zeit: 0:19:36
Code:
ATTFilter C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\ipi6h4b5.default\extensions\geekck@facebook.com.xpi JS/TrojanClicker.Agent.NCX trojan deleted - quarantined
Geändert von Ozi0815 (11.08.2012 um 21:59 Uhr) |
|
| Themen zu Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr! |
| administrator, anfänger, anti-malware, appdata, autostart, code, dateien, explorer, fehler, funktioniert, gelöscht, gereinigt, google, karte, kaspersky, lan, malwarebytes, microsoft, pup.pantsoff.passwordfinder, roaming, router, scan, speicher, system32, systemwiederherstellung, trojan.agent, wlan |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
