Warum wurde Combofix ausgfuehrt?


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found 
DRV - (WDICA) -- File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (i2omgmt) -- File not found 
DRV - (Changer) -- File not found 
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" 
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" 
FF - user.js - File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
[2012.07.13 19:24:59 | 000,001,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLink.lnk
[2012.07.02 20:02:45 | 000,262,448 | RHS- | C] () -- C:\cmldr 
[2012.07.02 19:59:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe 
[2012.07.02 19:59:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe 
[2012.07.02 19:59:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe 
[2012.07.02 19:59:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe 
[2012.07.02 19:59:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe 

[2012.07.10 17:02:06 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe 
[2012.07.10 17:02:06 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl 
[2012.07.10 09:01:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Systweak 
[2012.07.10 09:01:14 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe 
[2012.07.02 19:59:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt 
[2012.07.02 19:59:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe 
[2012.07.02 19:59:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe 
[2012.07.02 19:59:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe 
[2012.07.02 19:59:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe 
[2012.07.02 19:59:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe 
[2012.07.22 14:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job 
[2012.07.21 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job 
[2012.07.20 09:28:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job 


:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Zitat:

Zitat von t'john

Warum wurde Combofix ausgfuehrt?

k.A. - siehe mein Eingangstext bzw.
http://www.trojaner-board.de/117823-...ichnung-2.html
Da Seite 2 Nachricht 14 von Cosinus

Zitat:

Zitat von t'john

[*]Schließe alle Programme.

Hier weiß ich leider oft nicht, ob ich es richtig mache.
Wie schließe ich Hintergrundprogramme? Ich kenne nur die im Startmenu (Skype wurde z.B. farbig aber leer angezeigt, ließ sich aber nicht öffnen und nicht schließen) und alles, was ich selbst göffnet habe.

Hier der OTL-Fix-log

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File  %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File  File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File  File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File  File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File  File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File  File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File  File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File  File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File  File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File  File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\ComboFix\catchme.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" removed from browser.startup.homepage
Prefs.js: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 removed from extensions.enabledItems
Prefs.js: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 removed from extensions.enabledItems
Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 removed from extensions.enabledItems
Prefs.js: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLink.lnk moved successfully.
C:\cmldr moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
C:\WINDOWS\system32\FlashPlayerApp.exe moved successfully.
C:\WINDOWS\system32\FlashPlayerCPLApp.cpl moved successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Systweak\ not found.
C:\WINDOWS\system32\roboot.exe moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000006 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000005 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000004 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000003 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000002 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users\00000001 folder moved successfully.
C:\WINDOWS\erdnt\subs\Users folder moved successfully.
C:\WINDOWS\erdnt\subs folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000006 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000005 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000004 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000003 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000002 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users\00000001 folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup\Users folder moved successfully.
C:\WINDOWS\erdnt\Hiv-backup folder moved successfully.
C:\WINDOWS\erdnt\cache folder moved successfully.
C:\WINDOWS\erdnt folder moved successfully.
File C:\WINDOWS\PEV.exe not found.
File C:\WINDOWS\MBR.exe not found.
File C:\WINDOWS\sed.exe not found.
File C:\WINDOWS\grep.exe not found.
File C:\WINDOWS\zip.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job moved successfully.
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: xxx
->Temp folder emptied: 31517019 bytes
->Temporary Internet Files folder emptied: 797102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 680114342 bytes
->Flash cache emptied: 3037 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Neuer Ordner
 
User: PB
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
RecycleBin emptied: 61484128 bytes
 
Total Files Cleaned = 738,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: xxx
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Gast
 
User: LocalService
 
User: NetworkService
 
User: Neuer Ordner
 
User: PB
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
OTL by OldTimer - Version 3.2.53.1 log created on 07222012_202012

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

VIELEN DANK !!!