Pests of all kinds and how to combat them: Trojaner_BNK.Win32.Keylogger.gen Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
30.12.2011, 00:47 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Nope... the log is incomplete!
__________________ Please always post log files in CODE tags
30.12.2011, 13:17 | #17 |
| Trojaner_BNK.Win32.Keylogger.gen Well.....
__________________ once again, a 2nd attempt Code:
ATTFilter OTL logfile created on: 29.12.2011 23:44:16 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\xxxx\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,97% Memory free 6,21 Gb Paging File | 4,23 Gb Available in Paging File | 68,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 581,17 Gb Total Space | 354,49 Gb Free Space | 61,00% Space Free | Partition Type: NTFS Drive D: | 14,99 Gb Total Space | 2,73 Gb Free Space | 18,20% Space Free | Partition Type: FAT32 Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 14,83 Gb Total Space | 10,64 Gb Free Space | 71,78% Space Free | Partition Type: FAT32 Computer Name: LISA | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\xxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Users\xxxx\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll () MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Programme\Logitech\Vid HD\vpxmd.dll () MOD - C:\Programme\Logitech\Vid HD\SDL.dll () MOD - C:\Programme\Logitech\Logitech WebCam 
Software\LWS.exe () MOD - C:\Programme\Common Files\LogiShrd\LvApi11\LvApi11.dll () MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () MOD - C:\Programme\Logitech\Vid HD\QtNetwork4.dll () MOD - C:\Programme\Logitech\Vid HD\QtCore4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll () MOD - C:\Programme\Logitech\Vid HD\QtWebKit4.dll () MOD - C:\Programme\Logitech\Vid HD\QtXml4.dll () MOD - C:\Programme\Logitech\Vid HD\QtSql4.dll () MOD - C:\Programme\Logitech\Vid HD\QtOpenGL4.dll () MOD - C:\Programme\Logitech\Vid HD\QtGui4.dll () MOD - C:\Programme\Logitech\Vid HD\phonon4.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Win32 Services (SafeList) ========== SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVUVC) Logitech Webcam 500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (NETGEARUHUB) -- C:\Windows\System32\drivers\NETGEARUHUB.sys (SerComm) DRV - (NETGEARUHOST) -- C:\Windows\System32\drivers\NETGEARUHOST.sys (SerComm) DRV - (NETGEARUCOMP) -- C:\Windows\System32\drivers\NETGEARUCOMP.sys (SerComm) DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.19 12:02:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.19 12:02:12 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010.08.28 20:30:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Toolbar) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7606793A-BB19-49AE-B3F3-41B45FED3179}: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B84594-FC55-49AE-825B-BCA5D2990B10}: NameServer = 195.34.133.21,195.34.133.22 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows 
Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\xxxx\AppData\Roaming\ACD Systems\ACDSee\ACD Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\xxxx\AppData\Roaming\ACD Systems\ACDSee\ACD Hintergrund.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.09.16 05:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) O34 - 
HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - 
SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32: 
midi4 - wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: VIDC.ACDV - ACDV.dll (ACD Systems) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - lvcodec2.dll (Logitech Inc.) 
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.28 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{B971625A-BB02-4C84-A62B-E8833772AE34} [2011.12.28 21:33:59 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9F7AF2F9-8FDC-40A0-B334-BE9DC89C6C4F} [2011.12.28 17:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.26 19:34:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8EBF900B-26E0-4E68-8802-DC217D6E7F24} [2011.12.26 19:34:26 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{B9951FE2-C89B-4809-BF3D-ADF780A6BF6F} [2011.12.25 19:00:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8737F213-AA94-4BEB-85FF-FEC2212349D2} [2011.12.25 19:00:29 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{3396E23C-1396-47EB-870B-1530919D582F} [2011.12.21 15:43:53 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{E232D97D-2ABA-40FF-B988-0258F18F2324} [2011.12.21 15:43:31 | 000,000,000 | ---D | C] -- 
C:\Users\xxxx\AppData\Local\{FA9601C8-12EA-4F79-AEE6-24415B77FDF2} [2011.12.18 18:32:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0CC4AF84-5E76-4979-8F1C-C82EA2B7D9F4} [2011.12.18 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{416D8D98-8E0F-4DF2-8EA4-F56F95AF6BFD} [2011.12.16 15:13:34 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{CE1A89CC-66E2-46C4-93A6-C416E19F7311} [2011.12.16 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{B669AA1C-6DA9-435A-AAA9-36CD0D5E0FDA} [2011.12.13 18:57:12 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{25DB5C77-BB8B-4CBE-959B-45482D575096} [2011.12.13 18:56:50 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8F35E9BD-F76E-485B-81E3-F43714EA8E9D} [2011.12.13 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{1BEBB1FF-BDD2-477F-8D63-B8DC5B90DE03} [2011.12.13 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{EB3074E8-B658-414D-9A7F-603F24541FBD} [2011.12.09 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{157D1DDC-64DA-4424-811F-1E2B92FFCCA2} [2011.12.09 17:02:17 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0EF90309-251B-4339-B9E5-297D5227372C} [2011.12.09 16:50:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0DFA5194-05B3-47FA-A970-BF08BBFF0AD0} [2011.12.09 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{2E448198-B33C-49A0-B5D6-9E09AF7A6A36} [2011.12.08 19:08:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{2B37E358-E0D1-43DF-86FA-74D89D423843} [2011.12.08 19:08:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{072F3E2D-DA29-44C0-BD23-9A1C008D0C48} [2011.12.08 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{5D02E47D-8895-440F-B0B6-9F8F4148A571} [2011.12.03 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{3A750BDD-2CD5-4F7B-AE5E-B7F99696C249} [2011.12.03 13:02:58 | 000,000,000 | ---D | C] -- 
C:\Users\xxxx\AppData\Local\{B76ABAE1-AB29-43D4-A8DB-97DAFCFA4A66} [2011.12.02 14:45:04 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{714F7CD5-3737-467C-8BDE-AB3FC91C7C17} [2011.12.02 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{37A57628-5ACB-4381-BC42-58BA6753DA63} [2011.12.01 19:54:43 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{65BD1F10-AA53-44A2-A6F5-C63616EEE775} [2011.12.01 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{763E561A-08D9-442F-90FB-298AE05B8799} ========== Files - Modified Within 30 Days ========== [2011.12.29 23:10:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.29 22:20:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 22:20:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 16:26:47 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.29 16:26:47 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.29 16:26:47 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.29 16:26:47 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.29 16:21:01 | 000,086,525 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.29 16:20:40 | 000,086,525 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.29 16:20:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.29 16:20:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.29 16:20:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.12.29 16:20:20 | 3220,385,792 | -HS- | M] () -- C:\hiberfil.sys [2011.12.27 13:18:24 | 000,013,074 | -HS- | M] () -- C:\Users\xxxx\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x [2011.12.27 13:18:24 | 000,013,074 | 
-HS- | M] () -- C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x [2011.12.27 12:12:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.26 21:27:01 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.12.26 21:27:01 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.12.26 21:26:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.12.26 17:43:22 | 000,000,104 | ---- | M] () -- C:\Users\xxxx\Documents\Computer - Verknüpfung.lnk [2011.12.16 14:35:38 | 000,430,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.12.26 21:26:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.12.26 19:56:52 | 000,013,074 | -HS- | C] () -- C:\Users\xxxx\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x [2011.12.26 19:56:52 | 000,013,074 | -HS- | C] () -- C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x [2011.12.26 17:43:22 | 000,000,104 | ---- | C] () -- C:\Users\xxxx\Documents\Computer - Verknüpfung.lnk [2011.10.25 17:25:19 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applause and Laugher [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\xxxx\AppData\Roaming\Analog Sync [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\xxxx\AppData\Roaming\Analog Swirl [2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\xxxx\AppData\Roaming\Analog Pad [2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.04.16 16:08:25 
| 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.04.16 16:08:25 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.02.13 11:43:46 | 000,020,480 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.02 16:21:23 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2010.08.30 18:01:39 | 001,584,053 | ---- | C] () -- C:\Windows\Restaurant Empire II Uninstaller.exe [2010.08.03 14:46:09 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.07.07 13:44:56 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.07.07 13:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.07.07 13:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.05.19 11:53:30 | 000,225,313 | ---- | C] () -- C:\Windows\hpoins40.dat [2010.01.22 16:38:50 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.22 16:38:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.16 10:49:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.01.16 10:43:03 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.01.16 10:24:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.02 19:43:49 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp [2009.12.27 12:20:11 | 000,023,239 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\UserTile.png [2009.10.07 00:46:36 | 000,025,752 | ---- | 
C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.11 10:48:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2009.08.11 10:47:54 | 000,086,525 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.11 10:47:53 | 000,086,525 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.30 07:19:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.07.29 11:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.29 11:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.29 10:45:55 | 000,014,713 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2009.07.28 19:36:51 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.28 19:36:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.28 19:36:51 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.28 19:36:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.28 09:49:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.22 11:04:30 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,430,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL ========== LOP Check ========== [2010.01.16 10:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ACD Systems [2010.08.23 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Janes Realty2 [2010.08.03 14:46:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech [2011.08.04 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nikon [2011.10.28 
18:19:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenOffice.org [2011.10.22 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Origin [2011.11.15 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PhotoScape [2010.06.02 14:00:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PlayFirst [2011.04.16 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Samsung [2010.08.19 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer [2011.12.29 11:45:29 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.01.16 10:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ACD Systems [2010.01.23 10:09:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Adobe [2010.10.31 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Apple Computer [2011.09.11 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AVS4YOU [2010.08.02 12:59:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Corel [2009.12.31 20:10:55 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\CyberLink [2011.06.12 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Google [2010.05.19 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HP [2009.10.09 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Identities [2010.01.28 13:58:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\InstallShield [2010.08.23 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Janes Realty2 [2010.08.03 14:46:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech [2009.10.09 13:10:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Macromedia [2010.08.27 18:21:08 | 
000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Media Center Programs [2011.04.16 17:13:39 | 000,000,000 | --SD | M] -- C:\Users\xxxx\AppData\Roaming\Microsoft [2010.05.02 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Microsoft Games [2011.08.04 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nikon [2011.10.28 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenOffice.org [2011.10.22 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Origin [2011.11.15 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PhotoScape [2010.06.02 14:00:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PlayFirst [2011.04.16 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Samsung [2010.08.19 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2010.09.24 07:25:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.09.12 18:25:26 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\xxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.02.23 15:36:53 | 000,010,134 | R--- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2011.08.12 10:29:11 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\xxxx\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe [2010.08.30 18:50:32 | 003,690,152 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Restaurant Empire II\RE2_German_patch_v101.exe [2011.03.18 02:18:32 | 077,557,544 | ---- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe [2011.06.05 09:17:32 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe [2011.03.17 22:07:08 | 000,075,688 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\DriverChecker.exe [2011.03.17 22:07:14 | 000,896,912 | ---- | M] (Samsung) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.03.17 22:07:10 | 000,277,424 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.03.17 22:07:14 | 000,040,888 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesMobileDeviceService.exe [2011.03.17 22:07:16 | 003,373,456 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.03.17 22:07:18 | 000,208,280 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\lame.exe [2011.03.17 22:07:22 | 000,195,992 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\oggenc.exe [2011.03.08 13:41:52 | 000,146,832 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.03.08 13:41:52 | 000,287,120 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.03.08 13:41:54 | 000,651,152 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.03.17 22:07:38 | 000,026,536 | ---- | M] (Teruten Inc) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsExService64.exe [2011.03.17 22:07:44 | 000,223,144 | ---- | M] (Teruten) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsUsbExService.exe [2011.03.17 22:07:46 | 000,143,272 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FUSBCommander.exe [2011.03.17 22:07:50 | 000,113,064 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe [2011.03.17 22:07:52 | 000,067,496 | ---- | M] (Samsung) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.03.17 22:07:18 | 000,131,984 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.03.17 22:07:00 | 000,019,872 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.03.17 22:07:20 | 004,661,464 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.03.17 22:07:56 | 000,227,224 | ---- | M] (ENJsoft corp.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV.exe [2011.03.17 22:08:00 | 000,067,480 | ---- | M] (ENJsoft corp.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV2.exe [2011.03.17 22:08:04 | 000,079,768 | ---- | M] (ENJsoft corp.) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\TG_CAM.exe [2011.03.10 09:29:48 | 020,638,056 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.11.08 11:11:58 | 000,392,080 | ---- | M] (ml) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe [2011.11.08 11:11:58 | 000,392,080 | ---- | M] (ml) -- C:\Users\xxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.10 
22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_d87a3a1f\nvstor32.sys < MD5 
for: SCECLI.DLL > [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 
000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2011.12.08 17:23:15 | 000,016,360 | ---- | M] ()(C:\Users\xxxx\Documents\Zitate etc ?.docx) -- C:\Users\xxxx\Documents\Zitate etc ♥.docx [2011.12.08 17:23:15 | 000,016,360 | ---- | C] ()(C:\Users\xxxx\Documents\Zitate etc ?.docx) -- C:\Users\xxxx\Documents\Zitate etc ♥.docx < End of report > |
30.12.2011, 19:18 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Note: If you have obscured your user name, you must change the masked-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
IE - HKCU\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Toolbar) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.16 05:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
[2011.12.27 13:18:24 | 000,013,074 | -HS- | M] () -- C:\Users\xxxx\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2011.12.27 13:18:24 | 000,013,074 | -HS- | M] () -- C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2010.01.02 19:43:49 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
:Files
C:\Users\xxxx\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
30.12.2011, 20:55 | #19 |
| Trojaner_BNK.Win32.Keylogger.gen Hello Arne, here is the log from the OTL fix Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ deleted successfully.
C:\Programme\Messenger_Plus\prxtbMess.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Programme\Messenger_Plus\prxtbMess.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
C:\Programme\Windows Live\Companion\companioncore.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Programme\Messenger_Plus\prxtbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Programme\Messenger_Plus\prxtbMess.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C}\ not found.
File C:\Programme\Messenger_Plus\prxtbMess.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
C:\Users\xxxx\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x moved successfully.
C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x moved successfully.
C:\Windows\hpomdl40.dat.temp moved successfully.
========== FILES ==========
C:\Users\xxxx\AppData\Local\{01AECE22-ED53-44B8-B0DD-7BCAB9CEF400} folder moved successfully.
C:\Users\xxxx\AppData\Local\{01BF2CBA-37ED-4504-A68A-D210ED2BE4C6} folder moved successfully.
C:\Users\xxxx\AppData\Local\{0258F160-4347-461C-88B6-DA055EADC5CF} folder moved successfully.
C:\Users\xxxx\AppData\Local\{02FCB851-2C71-4B83-A38D-998691EF4801} folder moved successfully.
C:\Users\xxxx\AppData\Local\{035100D5-413D-4591-A890-2948EF604BC8} folder moved successfully.
C:\Users\xxxx\AppData\Local\{04918CCC-E981-4372-8DC2-FE927890EBD2} folder moved successfully.
C:\Users\xxxx\AppData\Local\{04ECA444-86F9-44D4-AFC2-72E21B958C30} folder moved successfully.
C:\Users\xxxx\AppData\Local\{05032138-57D5-4131-8B06-DE2FDAB64622} folder moved successfully.
C:\Users\xxxx\AppData\Local\{05503222-41BE-4FD8-AAE3-A2C7181419BF} folder moved successfully.
C:\Users\xxxx\AppData\Local\{05B02808-186F-4325-874F-583A9F89A468} folder moved successfully.
C:\Users\xxxx\AppData\Local\{06FC5F96-62CB-4201-B686-E9240F706461} folder moved successfully.
C:\Users\xxxx\AppData\Local\{071B52DD-B49C-4D58-9A74-C678B00F1C93} folder moved successfully.
C:\Users\xxxx\AppData\Local\{072F3E2D-DA29-44C0-BD23-9A1C008D0C48} folder moved successfully.
C:\Users\xxxx\AppData\Local\{088DF574-D603-46D9-B239-B4208A374BA1} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: xxxx
->Temp folder emptied: 947742900 bytes
->Temporary Internet Files folder emptied: 1246309150 bytes
->Java cache emptied: 13159749 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3292199 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59790607 bytes
RecycleBin emptied: 5021186375 bytes
Total Files Cleaned = 6.954,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_203750
Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!
Registry entries deleted on Reboot...
Best regards, Robert |
30.12.2011, 22:24 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click on change parameters and set the checkboxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
30.12.2011, 23:33 | #21 |
| Trojaner_BNK.Win32.Keylogger.gen Hello Arne, one question first: should I run unhide even if I can access my own files? Regards, Robert |
30.12.2011, 23:54 | #22 |
| Trojaner_BNK.Win32.Keylogger.gen But here, in the meantime, is the log from TDSS Killer: Code:
23:40:51.0310 5488 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:40:51.0476 5488 ============================================================
23:40:51.0476 5488 Current date / time: 2011/12/30 23:40:51.0476
23:40:51.0476 5488 SystemInfo:
23:40:51.0476 5488
23:40:51.0476 5488 OS Version: 6.0.6002 ServicePack: 2.0
23:40:51.0476 5488 Product type: Workstation
23:40:51.0476 5488 ComputerName: LISA
23:40:51.0477 5488 UserName: xxxx
23:40:51.0477 5488 Windows directory: C:\Windows
23:40:51.0477 5488 System windows directory: C:\Windows
23:40:51.0477 5488 Processor architecture: Intel x86
23:40:51.0477 5488 Number of processors: 4
23:40:51.0477 5488 Page size: 0x1000
23:40:51.0477 5488 Boot type: Normal boot
23:40:51.0477 5488 ============================================================
23:40:52.0278 5488 Initialize success
23:41:03.0529 5316 ============================================================
23:41:03.0529 5316 Scan started
23:41:03.0529 5316 Mode: Manual; SigCheck; TDLFS;
23:41:03.0529 5316 ============================================================
(d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 23:41:18.0863 5316 udfs - ok 23:41:18.0902 5316 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 23:41:18.0913 5316 uliagpkx - ok 23:41:18.0949 5316 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 23:41:18.0964 5316 uliahci - ok 23:41:18.0988 5316 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 23:41:19.0000 5316 UlSata - ok 23:41:19.0036 5316 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 23:41:19.0048 5316 ulsata2 - ok 23:41:19.0090 5316 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 23:41:19.0131 5316 umbus - ok 23:41:19.0169 5316 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 23:41:19.0204 5316 USBAAPL - ok 23:41:19.0243 5316 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 23:41:19.0278 5316 usbaudio - ok 23:41:19.0322 5316 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 23:41:19.0343 5316 usbccgp - ok 23:41:19.0360 5316 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 23:41:19.0422 5316 usbcir - ok 23:41:19.0466 5316 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 23:41:19.0501 5316 usbehci - ok 23:41:19.0529 5316 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 23:41:19.0568 5316 usbhub - ok 23:41:19.0587 5316 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 23:41:19.0617 5316 usbohci - ok 23:41:19.0649 5316 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 23:41:19.0687 5316 usbprint - ok 23:41:19.0723 5316 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 23:41:19.0743 5316 usbscan - ok 23:41:19.0773 5316 USBSTOR 
(be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:41:19.0794 5316 USBSTOR - ok 23:41:19.0804 5316 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 23:41:19.0843 5316 usbuhci - ok 23:41:19.0885 5316 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 23:41:19.0925 5316 usbvideo - ok 23:41:19.0981 5316 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 23:41:20.0025 5316 vga - ok 23:41:20.0045 5316 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 23:41:20.0084 5316 VgaSave - ok 23:41:20.0123 5316 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 23:41:20.0134 5316 viaagp - ok 23:41:20.0189 5316 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 23:41:20.0228 5316 ViaC7 - ok 23:41:20.0252 5316 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 23:41:20.0263 5316 viaide - ok 23:41:20.0282 5316 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 23:41:20.0294 5316 volmgr - ok 23:41:20.0324 5316 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 23:41:20.0342 5316 volmgrx - ok 23:41:20.0370 5316 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 23:41:20.0386 5316 volsnap - ok 23:41:20.0419 5316 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 23:41:20.0432 5316 vsmraid - ok 23:41:20.0463 5316 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 23:41:20.0513 5316 WacomPen - ok 23:41:20.0531 5316 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 23:41:20.0554 5316 Wanarp - ok 23:41:20.0572 5316 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 23:41:20.0593 5316 Wanarpv6 - ok 23:41:20.0613 5316 Wd 
(78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 23:41:20.0623 5316 Wd - ok 23:41:20.0647 5316 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 23:41:20.0669 5316 Wdf01000 - ok 23:41:20.0748 5316 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 23:41:20.0782 5316 WmiAcpi - ok 23:41:20.0842 5316 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 23:41:20.0869 5316 WpdUsb - ok 23:41:20.0912 5316 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 23:41:20.0944 5316 ws2ifsl - ok 23:41:21.0025 5316 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:41:21.0069 5316 WUDFRd - ok 23:41:21.0115 5316 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 23:41:21.0233 5316 \Device\Harddisk0\DR0 - ok 23:41:21.0242 5316 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2 23:41:21.0595 5316 \Device\Harddisk2\DR2 - ok 23:41:21.0598 5316 Boot (0x1200) (408fc82089c7b8f8a2c5a42deb5af541) \Device\Harddisk0\DR0\Partition0 23:41:21.0599 5316 \Device\Harddisk0\DR0\Partition0 - ok 23:41:21.0611 5316 Boot (0x1200) (16d7cdfc95348c5293254222fe91ebe8) \Device\Harddisk0\DR0\Partition1 23:41:21.0612 5316 \Device\Harddisk0\DR0\Partition1 - ok 23:41:21.0618 5316 Boot (0x1200) (dccfb0bc5f93d550e712532eb1768d80) \Device\Harddisk2\DR2\Partition0 23:41:21.0620 5316 \Device\Harddisk2\DR2\Partition0 - ok 23:41:21.0621 5316 ============================================================ 23:41:21.0621 5316 Scan finished 23:41:21.0621 5316 ============================================================ 23:41:21.0633 3640 Detected object count: 2 23:41:21.0633 3640 Actual detected object count: 2 23:41:58.0567 3640 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 23:41:58.0567 3640 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:41:58.0570 3640 StarOpen ( 
UnsignedFile.Multi.Generic ) - skipped by user 23:41:58.0570 3640 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip hoffe es passt alles mit unhide warte ich sicherheitshalber noch auf deine Antwort ob ich es auch ausführen soll. vg robert |
31.12.2011, 00:01 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
31.12.2011, 12:28 | #24 |
| Trojaner_BNK.Win32.Keylogger.gen Hello Arne, I've attached the log from confi as a zip. I was pretty nervous, but everything went fine - glad. If you're celebrating New Year's Eve today, I of course wish you a happy New Year. We'll hopefully be in touch again next year? Best regards, Robert |
02.01.2012, 09:57 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Ok. Please now create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
__________________ Please always post log files in CODE tags |
02.01.2012, 17:44 | #26 |
| Trojaner_BNK.Win32.Keylogger.gen Hello Arne! I hope you had a good start to the new year. GMER did not run on my machine. OSAM log: Code:
Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 17:02:12
-----------------------------
17:02:12.490 OS Version: Windows 6.0.6002 Service Pack 2
17:02:12.490 Number of processors: 4 586 0x170A
17:02:12.491 ComputerName: LISA UserName:
17:02:37.603 Initialize success
17:03:37.582 AVAST engine defs: 12010200
17:03:47.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
17:03:47.315 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 3
17:03:47.324 Disk 0 MBR read successfully
17:03:47.326 Disk 0 MBR scan
17:03:47.340 Disk 0 Windows VISTA default MBR code
17:03:47.345 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 595117 MB offset 2048
17:03:47.350 Disk 0 Partition - 00 0F Extended LBA 15361 MB offset 1218801664
17:03:47.387 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 15360 MB offset 1218803712
17:03:47.393 Disk 0 scanning sectors +1250260992
17:03:47.436 Disk 0 scanning C:\Windows\system32\drivers
17:03:56.365 Service scanning
17:03:57.518 Modules scanning
17:04:01.016 Disk 0 trace - called modules:
17:04:01.045 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
17:04:01.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f9468]
17:04:01.054 3 CLASSPNP.SYS[8afad8b3] -> nt!IofCallDriver -> [0x861af958]
17:04:01.058 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\00000057[0x861ac900]
17:04:02.844 AVAST engine scan C:\Windows
17:04:06.500 AVAST engine scan C:\Windows\system32
17:05:49.910 AVAST engine scan C:\Windows\system32\drivers
17:06:09.896 AVAST engine scan C:\Users\xxxx
17:22:50.828 File: C:\Users\xxxx\desktop sachen\MFTools\OTL.exe **INFECTED** Win32:Malware-gen
17:28:19.897 AVAST engine scan C:\ProgramData
17:31:50.755 Scan finished successfully
17:34:48.986 Disk 0 MBR has been saved successfully to "C:\Users\xxxx\Downloads\MBR.dat"
17:34:48.991 The log file has been saved successfully to "C:\Users\xxxx\Downloads\aswMBR.txt"
Robert |
02.01.2012, 20:50 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Yes, I am, I was a bit though, but it was I hope you made it in well too. Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Getting an additional opinion afterwards via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
03.01.2012, 16:09 | #28 |
| Trojaner_BNK.Win32.Keylogger.gen Hello again. Here is the mbam log Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.03.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxx :: LISA [Administrator]
03.01.2012 12:27:31
mbam-log-2012-01-03 (12-27-31).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409837
Laufzeit: 1 Stunde(n), 23 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 01/03/2012 at 03:58 PM Application Version : 5.0.1142 Core Rules Database Version : 8091 Trace Rules Database Version: 5903 Scan type : Complete Scan Total Scan Time : 01:12:01 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Limited User (Administrator User) Memory items scanned : 828 Memory threats detected : 0 Registry items scanned : 39645 Registry threats detected : 0 File items scanned : 76834 File threats detected : 225 Adware.Tracking Cookie C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@adx.chip[1].txt [ /adx.chip ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@apmebf[1].txt [ /apmebf ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@atdmt[1].txt [ /atdmt ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@eaeacom.112.2o7[1].txt [ /eaeacom.112.2o7 ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@mediaplex[1].txt [ /mediaplex ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@microsoftwllivemkt.112.2o7[1].txt [ /microsoftwllivemkt.112.2o7 ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@microsoftxbox.112.2o7[1].txt [ /microsoftxbox.112.2o7 ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@smartadserver[1].txt [ /smartadserver ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@www.etracker[2].txt [ /www.etracker ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@zedo[1].txt [ /zedo ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@zedo[2].txt [ /zedo ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\E27IBF74.txt [ /tribalfusion.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\TUVNWDYF.txt [ /tradedoubler.com ] 
C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Z2NG9QZD.txt [ /bs.serving-sys.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\L5RERQVS.txt [ /serving-sys.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\U7WR6XXW.txt [ /www.googleadservices.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\9IC7O0V3.txt [ /zanox.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\LGX46IIH.txt [ /ad.zanox.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\JKQ5RFYT.txt [ /amazon-adsystem.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\NODNFB4Y.txt [ /atdmt.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\TPIZO7MK.txt [ /statse.webtrendslive.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\XOQCMMUT.txt [ /specificclick.net ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\DUVY55G1.txt [ /ad2.adfarm1.adition.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\UHJEVWFM.txt [ /partypoker.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\MJBQ6OP8.txt [ /imrworldwide.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\MAKYPXN0.txt [ /doubleclick.net ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\RFK073ZE.txt [ /ads.bleepingcomputer.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\ELHU51AA.txt [ /kontera.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\7807PV2X.txt [ /adfarm1.adition.com ] C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\516X4XTH.txt [ /revsci.net ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\N3G9LXEK.txt [ Cookie:xxxx@2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[1].txt [ Cookie:xxxx@de.sitestat.com/tom-tailor/austria/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GVXY1V7.txt [ Cookie:xxxx@invitemedia.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@microsoftwga.112.2o7[1].txt [ 
Cookie:xxxx@microsoftwga.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\S1A3CQ6K.txt [ Cookie:xxxx@adbrite.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\5QIH15Y3.txt [ Cookie:xxxx@serving-sys.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVSJ0SU6.txt [ Cookie:xxxx@accounts.google.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8NOOYEP.txt [ Cookie:xxxx@server.lon.liveperson.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IBQS8799.txt [ Cookie:xxxx@collective-media.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8S2RAHOW.txt [ Cookie:xxxx@advertising.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@shopping.112.2o7[1].txt [ Cookie:xxxx@shopping.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@a.revenuemax[1].txt [ Cookie:xxxx@a.revenuemax.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD7RR33L.txt [ Cookie:xxxx@fastclick.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3NH1OPJ.txt [ Cookie:xxxx@zedo.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYN5CSL2.txt [ Cookie:xxxx@atdmt.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@msnportal.112.2o7[2].txt [ Cookie:xxxx@msnportal.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@guj.122.2o7[1].txt [ Cookie:xxxx@guj.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@fl01.ct2.comclick[1].txt [ Cookie:xxxx@fl01.ct2.comclick.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\92926QX0.txt [ Cookie:xxxx@ad.yieldmanager.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6BYXUVO.txt [ Cookie:xxxx@accounts.youtube.com/accounts ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adsrv.admediate[1].txt [ Cookie:xxxx@adsrv.admediate.net/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\HXSNFPEH.txt [ Cookie:xxxx@liveperson.net/hc/82753263 ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@secmedia[2].txt [ Cookie:xxxx@secmedia.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@yadro[2].txt [ Cookie:xxxx@yadro.ru/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\SYIFKBZK.txt [ Cookie:xxxx@www.zanox-affiliate.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\XE26F1TB.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/1028954965/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[2].txt [ Cookie:xxxx@de.sitestat.com/idgcom-de/pcwelt/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@specificclick[1].txt [ Cookie:xxxx@specificclick.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\HR5H5SR6.txt [ Cookie:xxxx@adtech.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\73YOQKU1.txt [ Cookie:xxxx@bs.serving-sys.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@xiti[1].txt [ Cookie:xxxx@xiti.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@track.effiliation[3].txt [ Cookie:xxxx@track.effiliation.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@countomat[1].txt [ Cookie:xxxx@countomat.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@tracking.financescout24[2].txt [ Cookie:xxxx@tracking.financescout24.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MTKG53C8.txt [ Cookie:xxxx@ru4.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@stat.dealtime[2].txt [ Cookie:xxxx@stat.dealtime.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0VFCPY96.txt [ Cookie:xxxx@xxxlutz.at/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@server.cpmstar[2].txt [ Cookie:xxxx@server.cpmstar.com/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@tracking.3gnet[2].txt [ Cookie:xxxx@tracking.3gnet.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@www.adservspot[1].txt [ Cookie:xxxx@www.adservspot.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTDNFY7K.txt [ Cookie:xxxx@doubleclick.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KVX79C8R.txt [ Cookie:xxxx@apmebf.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\D97YSKQT.txt [ Cookie:xxxx@harrenmedianetwork.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7A283BDB.txt [ Cookie:xxxx@dyntracker.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@tele2.112.2o7[1].txt [ Cookie:xxxx@tele2.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6wnmysjczilq.stats.esomniture[2].txt [ Cookie:xxxx@e-2dj6wnmysjczilq.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYQXVJ4F.txt [ Cookie:xxxx@im.banner.t-online.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\3999ZWSB.txt [ Cookie:xxxx@azjmp.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\6FKZYDHA.txt [ Cookie:xxxx@statcounter.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\NBXRCTYW.txt [ Cookie:xxxx@ww251.smartadserver.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\UPH2ORQM.txt [ Cookie:xxxx@adfarm1.adition.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\R7H6A2R4.txt [ Cookie:xxxx@revsci.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@himedia.individuad[2].txt [ Cookie:xxxx@himedia.individuad.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@tns-counter[1].txt [ Cookie:xxxx@tns-counter.ru/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@ad.adnet[1].txt [ Cookie:xxxx@ad.adnet.de/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@it.profilbanner[1].txt [ Cookie:xxxx@it.profilbanner.me/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBI1Z324.txt [ Cookie:xxxx@google.com/accounts/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\W9L09FV1.txt [ Cookie:xxxx@adx.chip.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@clicks.pangora[1].txt [ Cookie:xxxx@clicks.pangora.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8ETT00JW.txt [ Cookie:xxxx@tracking.oe24.at// ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@fr.sitestat[2].txt [ Cookie:xxxx@fr.sitestat.com/jpg/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@hitbox[1].txt [ Cookie:xxxx@hitbox.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[8].txt [ Cookie:xxxx@de.sitestat.com/sportscheck/shop-at/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@fr.sitestat[1].txt [ Cookie:xxxx@fr.sitestat.com/jpg/quillat/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@paypal.112.2o7[1].txt [ Cookie:xxxx@paypal.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\DWT3JYTS.txt [ Cookie:xxxx@eas4.emediate.eu/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@edsa.122.2o7[1].txt [ Cookie:xxxx@edsa.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7RZ6RZX.txt [ Cookie:xxxx@casalemedia.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@profilbanner[1].txt [ Cookie:xxxx@profilbanner.me/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@spylog[1].txt [ Cookie:xxxx@spylog.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8Y0B6AC.txt [ Cookie:xxxx@komtrack.com/tr/101230 ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6wfk4qjdjacp.stats.esomniture[1].txt [ 
Cookie:xxxx@e-2dj6wfk4qjdjacp.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E3KCJ9IX.txt [ Cookie:xxxx@www.google.at/accounts ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6whkowiczmdp.stats.esomniture[1].txt [ Cookie:xxxx@e-2dj6whkowiczmdp.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@microsoftwlmobilemkt.112.2o7[1].txt [ Cookie:xxxx@microsoftwlmobilemkt.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8I7U9URL.txt [ Cookie:xxxx@livestat.derstandard.at/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8PJT5UCZ.txt [ Cookie:xxxx@ad3.adfarm1.adition.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\2J626E2L.txt [ Cookie:xxxx@4stats.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@count.gjuce[1].txt [ Cookie:xxxx@count.gjuce.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZK1Q1Z4.txt [ Cookie:xxxx@ad4.adfarm1.adition.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@optimize.indieclick[2].txt [ Cookie:xxxx@optimize.indieclick.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@hansenet.122.2o7[1].txt [ Cookie:xxxx@hansenet.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@ad.adserver01[2].txt [ Cookie:xxxx@ad.adserver01.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\WAV3IDOR.txt [ Cookie:xxxx@ads.quartermedia.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0WY5FNU6.txt [ Cookie:xxxx@traffictrack.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver2.traffictrack[2].txt [ Cookie:xxxx@adserver2.traffictrack.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@overture[1].txt [ Cookie:xxxx@overture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@questionmarket[2].txt [ 
Cookie:xxxx@questionmarket.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@in.getclicky[1].txt [ Cookie:xxxx@in.getclicky.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@holidaycheckag.122.2o7[1].txt [ Cookie:xxxx@holidaycheckag.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\3ZPY9L7I.txt [ Cookie:xxxx@tribalfusion.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6wnkiomd5gdq.stats.esomniture[2].txt [ Cookie:xxxx@e-2dj6wnkiomd5gdq.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@programm.tv-media[2].txt [ Cookie:xxxx@programm.tv-media.at/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@zbox.zanox[2].txt [ Cookie:xxxx@zbox.zanox.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@media.photobucket[1].txt [ Cookie:xxxx@media.photobucket.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\FOT22OCT.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/984582418/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver.adtechus[1].txt [ Cookie:xxxx@adserver.adtechus.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver5.bannerwerbung[2].txt [ Cookie:xxxx@adserver5.bannerwerbung.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IR2WD3FL.txt [ Cookie:xxxx@docfinder.at/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\53FQSKJC.txt [ Cookie:xxxx@amazon-adsystem.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQ2MI2SR.txt [ Cookie:xxxx@stat.aldi.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@3pagen.112.2o7[1].txt [ Cookie:xxxx@3pagen.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@ehg-nokiafin.hitbox[1].txt [ Cookie:xxxx@ehg-nokiafin.hitbox.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\FG01BJ9I.txt [ 
Cookie:xxxx@d3.zedo.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@media.gan-online[1].txt [ Cookie:xxxx@media.gan-online.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX81FT7N.txt [ Cookie:xxxx@c.atdmt.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8WIKJGIN.txt [ Cookie:xxxx@eyewonder.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@warnerbros.112.2o7[1].txt [ Cookie:xxxx@warnerbros.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@bshg.122.2o7[1].txt [ Cookie:xxxx@bshg.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@gotacha.rotator.hadj7.adjuggler[2].txt [ Cookie:xxxx@gotacha.rotator.hadj7.adjuggler.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@xm.xtendmedia[2].txt [ Cookie:xxxx@xm.xtendmedia.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@www.umweltbundesamt[1].txt [ Cookie:xxxx@www.umweltbundesamt.at/pstats/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@www.tellavision.showmedia[1].txt [ Cookie:xxxx@www.tellavision.showmedia.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\219IS13L.txt [ Cookie:xxxx@h.atdmt.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7YAAAUMC.txt [ Cookie:xxxx@www.google.com/accounts ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@yieldmanager[1].txt [ Cookie:xxxx@yieldmanager.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@clicksor[2].txt [ Cookie:xxxx@clicksor.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver.doccheck[2].txt [ Cookie:xxxx@adserver.doccheck.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@bizrate[1].txt [ Cookie:xxxx@bizrate.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@microsoftwindows.112.2o7[1].txt [ Cookie:xxxx@microsoftwindows.112.2o7.net/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@estat[2].txt [ Cookie:xxxx@estat.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@beiersdorf.122.2o7[1].txt [ Cookie:xxxx@beiersdorf.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@fashionworld.112.2o7[1].txt [ Cookie:xxxx@fashionworld.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6aelyuoc5caq.stats.esomniture[2].txt [ Cookie:xxxx@e-2dj6aelyuoc5caq.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\FUJ81H1V.txt [ Cookie:xxxx@www.burstnet.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[7].txt [ Cookie:xxxx@de.sitestat.com/haba/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@onestopinternet.122.2o7[1].txt [ Cookie:xxxx@onestopinternet.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@komtrack[4].txt [ Cookie:xxxx@komtrack.com/tr/105310 ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[4].txt [ Cookie:xxxx@de.sitestat.com/tom-tailor/tomtailor/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver.adreactor[1].txt [ Cookie:xxxx@adserver.adreactor.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2QDDZWG.txt [ Cookie:xxxx@komtrack.com/tr ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@e-2dj6wgkichczsgo.stats.esomniture[2].txt [ Cookie:xxxx@e-2dj6wgkichczsgo.stats.esomniture.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@openx.admediate[1].txt [ Cookie:xxxx@openx.admediate.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@trackmatics[1].txt [ Cookie:xxxx@trackmatics.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[6].txt [ Cookie:xxxx@de.sitestat.com/haba/jako-o-at/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@advertstream[1].txt [ Cookie:xxxx@advertstream.com/a ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@ipcmedia.122.2o7[1].txt [ Cookie:xxxx@ipcmedia.122.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@de.sitestat[3].txt [ Cookie:xxxx@de.sitestat.com/tom-tailor/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@newsclick[2].txt [ Cookie:xxxx@newsclick.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@komtrack[2].txt [ Cookie:xxxx@komtrack.com/tr/104150 ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver.twitpic[1].txt [ Cookie:xxxx@adserver.twitpic.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@track.webtrekk[1].txt [ Cookie:xxxx@track.webtrekk.de/539922558322009/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@usatoday1.112.2o7[1].txt [ Cookie:xxxx@usatoday1.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@hairfinder[2].txt [ Cookie:xxxx@hairfinder.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\FUV3R5RL.txt [ Cookie:xxxx@r1-ads.ace.advertising.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@ads1.vtxnet[1].txt [ Cookie:xxxx@ads1.vtxnet.ch/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\DEI5UAVR.txt [ Cookie:xxxx@mediaplex.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8KE71DN2.txt [ Cookie:xxxx@lfstmedia.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@trafficmp[1].txt [ Cookie:xxxx@trafficmp.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@sevenoneintermedia.112.2o7[1].txt [ Cookie:xxxx@sevenoneintermedia.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\HNV7MMJ4.txt [ Cookie:xxxx@77tracking.com/ ] 
C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@fidelity.rotator.hadj7.adjuggler[2].txt [ Cookie:xxxx@fidelity.rotator.hadj7.adjuggler.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@track.webtrekk[3].txt [ Cookie:xxxx@track.webtrekk.de/655479000000238/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\SHFD8MPM.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/1071627605/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\5JD1IIZ1.txt [ Cookie:xxxx@tradedoubler.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\678Z8I2F.txt [ Cookie:xxxx@ad.zanox.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adserver1.w00tmedia[1].txt [ Cookie:xxxx@adserver1.w00tmedia.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TBCOBXNU.txt [ Cookie:xxxx@media6degrees.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\6HRXO5CC.txt [ Cookie:xxxx@butlers.traffective-tracking.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adsrv1.admediate[1].txt [ Cookie:xxxx@adsrv1.admediate.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\IW2WGIQG.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/1027123155/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@track.webtrekk[2].txt [ Cookie:xxxx@track.webtrekk.de/999955867561122/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q3GXOE9Q.txt [ Cookie:xxxx@banner.testberichte.de/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@audit.median[1].txt [ Cookie:xxxx@audit.median.hu/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\CXEJTRA9.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/1059657297/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\9XWUIIOM.txt [ Cookie:xxxx@viacom.adbureau.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@adxpose[1].txt [ 
Cookie:xxxx@adxpose.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@realmedia[1].txt [ Cookie:xxxx@realmedia.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@cmpmedica.112.2o7[1].txt [ Cookie:xxxx@cmpmedica.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\xxxx@hearstugo.112.2o7[1].txt [ Cookie:xxxx@hearstugo.112.2o7.net/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\X60JZ0LH.txt [ Cookie:xxxx@insightexpressai.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\38Y2SNQL.txt [ Cookie:xxxx@webmasterplan.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KUBT01IS.txt [ Cookie:xxxx@de.partypoker.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YR6WLBVS.txt [ Cookie:xxxx@ar.atwola.com/ ] C:\USERS\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\OZY2VEVT.txt [ Cookie:xxxx@googleads.g.doubleclick.net/ ] C:\USERS\xxxx\Cookies\E27IBF74.txt [ Cookie:xxxx@tribalfusion.com/ ] C:\USERS\xxxx\Cookies\xxxx@adx.chip[1].txt [ Cookie:xxxx@adx.chip.de/ ] C:\USERS\xxxx\Cookies\TUVNWDYF.txt [ Cookie:xxxx@tradedoubler.com/ ] C:\USERS\xxxx\Cookies\Z2NG9QZD.txt [ Cookie:xxxx@bs.serving-sys.com/ ] C:\USERS\xxxx\Cookies\L5RERQVS.txt [ Cookie:xxxx@serving-sys.com/ ] C:\USERS\xxxx\Cookies\U7WR6XXW.txt [ Cookie:xxxx@www.googleadservices.com/pagead/conversion/984582418/ ] C:\USERS\xxxx\Cookies\LGX46IIH.txt [ Cookie:xxxx@ad.zanox.com/ ] C:\USERS\xxxx\Cookies\JKQ5RFYT.txt [ Cookie:xxxx@amazon-adsystem.com/ ] C:\USERS\xxxx\Cookies\xxxx@zedo[1].txt [ Cookie:xxxx@zedo.com/ ] C:\USERS\xxxx\Cookies\NODNFB4Y.txt [ Cookie:xxxx@atdmt.com/ ] C:\USERS\xxxx\Cookies\xxxx@msnportal.112.2o7[1].txt [ Cookie:xxxx@msnportal.112.2o7.net/ ] C:\USERS\xxxx\Cookies\xxxx@microsoftwllivemkt.112.2o7[1].txt [ Cookie:xxxx@microsoftwllivemkt.112.2o7.net/ ] C:\USERS\xxxx\Cookies\xxxx@microsoftxbox.112.2o7[1].txt [ Cookie:xxxx@microsoftxbox.112.2o7.net/ ] C:\USERS\xxxx\Cookies\XOQCMMUT.txt 
[ Cookie:xxxx@specificclick.net/ ] C:\USERS\xxxx\Cookies\xxxx@apmebf[1].txt [ Cookie:xxxx@apmebf.com/ ] C:\USERS\xxxx\Cookies\MAKYPXN0.txt [ Cookie:xxxx@doubleclick.net/ ] C:\USERS\xxxx\Cookies\xxxx@mediaplex[1].txt [ Cookie:xxxx@mediaplex.com/ ] C:\USERS\xxxx\Cookies\7807PV2X.txt [ Cookie:xxxx@adfarm1.adition.com/ ] C:\USERS\xxxx\Cookies\516X4XTH.txt [ Cookie:xxxx@revsci.net/ ] See you soon, Robert |
03.01.2012, 20:18 | #29 |
| Trojaner_BNK.Win32.Keylogger.gen and last but not least the ESET log: Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d12110cf020d044ba94098aab022e1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 05:13:31
# local_time=2011-12-29 06:13:31 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 63163780 63163780 0 0
# compatibility_mode=1797 16775165 100 94 26507 100687885 76876 0
# compatibility_mode=5892 16776573 100 100 4151 162705306 0 0
# compatibility_mode=8192 67108863 100 0 84669 84669 0 0
# scanned=249657
# found=2
# cleaned=0
# scan_time=6233
C:\Users\xxxx\AppData\Local\Temp\~!#5E8B.tmp a variant of Win32/Injector.MPH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3a56555c-4cef8da5 a variant of Win32/Kryptik.YEO trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d12110cf020d044ba94098aab022e1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-03 06:17:00
# local_time=2012-01-03 07:17:00 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 63594870 63594870 0 0
# compatibility_mode=1797 16775165 100 94 332968 101118975 16835 0
# compatibility_mode=5892 16776573 100 100 24176 163136396 0 0
# compatibility_mode=8192 67108863 100 0 515759 515759 0 0
# scanned=235203
# found=0
# cleaned=0
# scan_time=10952

The only odd thing was the 225 suspicious files that SUPERAntiSpyware reported... Best regards, Robert |
03.01.2012, 21:09 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner_BNK.Win32.Keylogger.gen Looks OK, only cookies were found there. Any problems or further detections in the meantime?
__________________ Please always post log files in CODE tags |