Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Achtung! ihr Computer wurde gesperrt (https://www.trojaner-board.de/111398-achtung-computer-wurde-gesperrt.html)

chikichikx 13.03.2012 16:09
Achtung! ihr Computer wurde gesperrt
 
Hi leute,

ich wollte mir eben entspannt ein Film mit DiVX angucken plötzlich kam diese Meldung: "Achtung, ihr Computer wurde gesperrt" da hier mehr threads zu diesen Thema sind muss ich glaub ich nicht den rest noch hinschreiben.
Ich hatte das so verstanden das ich mit "OTL by Oldtimer" den code besorgen muss und den hier Posten richtig?
Und was nun?

Betriebssystem: Windows 7

Code:
OTL Extras logfile created on: 13.03.2012 15:50:47 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Jay\Downloads
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,49 Mb Total Physical Memory | 529,49 Mb Available Physical Memory | 51,78% Memory free
2,00 Gb Paging File | 1,57 Gb Available in Paging File | 78,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,27 Gb Total Space | 142,58 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
Drive I: | 59,15 Gb Total Space | 38,49 Gb Free Space | 65,08% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,21 Gb Free Space | 86,21% Space Free | Partition Type: FAT32
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{483D6835-8EBB-479A-ABEC-1784EC232218}" = Linkury Smartbar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup" = DivX-Setup
"facemoods" = Facemoods Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NSS" = Norton Security Scan
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Auto Shutdown_is1" = PC Auto Shutdown 5.0
"Project64 1.7" = Project64 1.7
"RiseOfImmortals" = Rise of Immortals
"Steam App 65800" = Dungeon Defenders
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"toolplugin" = toolplugin
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 10:05:15 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\VueScan\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.03.2012 11:21:28 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programme\Steam\steamapps\common\dungeon
 defenders\Binaries\Win64\UnrealLightmass.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.03.2012 11:21:34 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\VueScan\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2012 01:49:26 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programme\Steam\steamapps\common\dungeon
 defenders\Binaries\Win64\UnrealLightmass.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.03.2012 01:49:31 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\VueScan\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.03.2012 04:28:30 | Computer Name = Jay-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 40c    Startzeit:
01ccfd02714ad9e3    Endzeit: 749    Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe

Berichts-ID:
 aa21b6c4-68f8-11e1-a433-0019db71ae3c 
 
Error - 09.03.2012 11:13:54 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programme\Steam\steamapps\common\dungeon
 defenders\Binaries\Win64\UnrealLightmass.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.03.2012 11:14:05 | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\VueScan\dpinst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.03.2012 11:17:51 | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 09.03.2012 11:18:02 | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
[ System Events ]
Error - 21.02.2012 15:59:28 | Computer Name = Jay-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 21.02.2012 15:59:29 | Computer Name = Jay-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 21.02.2012 15:59:29 | Computer Name = Jay-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 23.02.2012 08:40:52 | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?02.?2012 um 21:58:27 unerwartet heruntergefahren.
 
Error - 27.02.2012 07:09:39 | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?02.?2012 um 22:27:01 unerwartet heruntergefahren.
 
Error - 28.02.2012 15:47:36 | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?02.?2012 um 17:10:32 unerwartet heruntergefahren.
 
Error - 01.03.2012 13:17:00 | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 01.03.2012 13:17:00 | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 01.03.2012 17:19:20 | Computer Name = Jay-PC | Source = DCOM | ID = 10010
Description =
 
Error - 07.03.2012 07:34:28 | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?03.?2012 um 06:54:16 unerwartet heruntergefahren.
 
 
< End of report >
Code:
OTL logfile created on: 13.03.2012 15:50:47 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Jay\Downloads
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,49 Mb Total Physical Memory | 529,49 Mb Available Physical Memory | 51,78% Memory free
2,00 Gb Paging File | 1,57 Gb Available in Paging File | 78,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,27 Gb Total Space | 142,58 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
Drive I: | 59,15 Gb Total Space | 38,49 Gb Free Space | 65,08% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 3,21 Gb Free Space | 86,21% Space Free | Partition Type: FAT32
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jay\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll ()
SRV - (PCAutoShutdown_Service) -- C:\Programme\PC Auto Shutdown\ShutdownService.exe (GoldSolution Software, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.07 15:17:54 | 000,000,000 | ---D | M]
 
[2012.01.04 16:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2012.02.10 13:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\0xmjnhz4.default\extensions
[2012.01.09 12:06:26 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\0xmjnhz4.default\extensions\ffxtlbr@Facemoods.com
[2012.02.10 13:58:41 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\0xmjnhz4.default\extensions\welcome@toolmin.com
[2012.01.09 12:06:27 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.10 13:58:41 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Facemoods = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Jay\AppData\Roaming\toolplugin\toolbar.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PC Auto Shutdown] C:\Program Files\PC Auto Shutdown\AutoShutdown.exe (GoldSolution Software, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Users\Jay\AppData\Local\Linkury\Application\Linkury.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\Jay\AppData\Local\Temp\mor.exe (Hauppauge Computer Works Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DDBB915-D9B0-4102-BD90-171E5CAD2D8F}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 10:43:55 | 000,000,050 | -H-- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 15:18:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Pokemon EMU
[2012.03.13 15:18:33 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\BXT1-1
[2012.03.13 15:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\movies
[2012.03.13 14:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012.03.13 14:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012.03.13 14:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2012.02.22 21:58:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.22 21:58:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.22 21:58:30 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.22 21:58:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.22 21:58:30 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.22 21:58:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.22 21:58:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.22 21:58:30 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.22 21:58:30 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.02.22 21:58:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.22 21:58:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.22 21:58:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.22 21:58:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.22 21:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.22 21:58:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.22 21:58:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.22 21:58:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.22 21:58:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.22 21:58:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.02.22 21:58:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.22 21:58:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.22 21:58:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.22 21:58:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.22 21:58:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.22 21:58:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.22 21:58:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.22 21:58:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.22 21:58:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.22 21:58:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.22 21:58:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.22 21:58:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.22 21:58:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.22 21:58:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.02.22 21:58:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.22 21:58:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.22 21:58:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.22 21:58:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.19 17:08:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\games
[2012.02.19 16:56:41 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Project64 1.7
[2012.02.19 16:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 1.7
[2012.02.19 16:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.7
[2012.02.19 16:40:25 | 000,051,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp100.dll
[2012.02.16 18:21:03 | 000,000,000 | R--D | C] -- C:\Users\Jay\Documents\Notes
[2012.02.16 13:30:26 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Adobe Dreamweaver CS3
[2012.02.16 12:34:17 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.13 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.02.13 17:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.02.13 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.02.13 17:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.02.13 17:39:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.02.13 17:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.02.13 17:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.02.13 17:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.02.13 17:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.02.13 17:35:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft Help
[2012.02.13 17:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.02.13 17:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.02.13 17:32:35 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Linkury
[2012.02.13 17:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012.02.13 17:31:21 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.02.13 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\OpenCandy
[2012.02.13 17:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2012.02.13 17:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\DAEMON Tools Pro
[2012.02.13 17:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012.02.13 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Adobe Photoshop CS3
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 15:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.13 15:44:43 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.13 15:43:29 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.13 15:27:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.13 15:04:14 | 000,009,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 15:04:14 | 000,009,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 15:01:05 | 000,001,351 | ---- | M] () -- C:\Users\Jay\Desktop\Dreamweaver.lnk
[2012.03.13 14:57:31 | 000,001,800 | ---- | M] () -- C:\Users\Jay\Desktop\TERA.lnk
[2012.03.12 18:26:35 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jay.job
[2012.03.01 18:24:34 | 000,081,107 | ---- | M] () -- C:\Users\Jay\Desktop\Bild joa.jpg
[2012.02.26 17:45:52 | 007,077,852 | ---- | M] () -- C:\Users\Jay\Desktop\Babe.jpg
[2012.02.24 16:07:44 | 004,421,205 | ---- | M] () -- C:\Users\Jay\Desktop\340036.Final Fantasy XIII OST - Eternal Love HQ MP3  Lyrics provided.mp3
[2012.02.22 21:58:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.22 21:58:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.22 21:58:30 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.22 21:58:30 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.22 21:58:30 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.22 21:58:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.22 21:58:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.22 21:58:30 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.22 21:58:30 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.02.22 21:58:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.22 21:58:30 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.22 21:58:30 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.22 21:58:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.22 21:58:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.22 21:58:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.22 21:58:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.22 21:58:30 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.22 21:58:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.22 21:58:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.02.22 21:58:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.22 21:58:30 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.22 21:58:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.22 21:58:30 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.22 21:58:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.22 21:58:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.22 21:58:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.22 21:58:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.22 21:58:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.22 21:58:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.22 21:58:30 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.22 21:58:30 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.22 21:58:30 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.22 21:58:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.22 21:58:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.02.22 21:58:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.22 21:58:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.22 21:58:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.22 21:58:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.20 12:46:46 | 000,095,338 | ---- | M] () -- C:\Users\Jay\Desktop\WinRAR.rar
[2012.02.19 16:56:41 | 000,001,216 | ---- | M] () -- C:\Users\Jay\Desktop\Project64 1.7.lnk
[2012.02.17 13:31:11 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.16 21:40:34 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.16 21:40:34 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.16 21:40:34 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.16 21:40:34 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.16 18:21:01 | 000,004,544 | ---- | M] () -- C:\Users\Jay\Desktop\Neues Journal-Dokument.jnt
[2012.02.13 19:25:55 | 000,001,311 | ---- | M] () -- C:\Users\Jay\Desktop\Photoshop.lnk
[2012.02.13 17:41:37 | 000,003,055 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft SharePoint Workspace 2010.lnk
[2012.02.13 17:41:37 | 000,003,042 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft InfoPath Designer 2010.lnk
[2012.02.13 17:41:37 | 000,003,041 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft Publisher 2010.lnk
[2012.02.13 17:41:37 | 000,003,029 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft Outlook 2010.lnk
[2012.02.13 17:41:37 | 000,003,026 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft InfoPath Filler 2010.lnk
[2012.02.13 17:41:37 | 000,003,021 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft Word 2010.lnk
[2012.02.13 17:41:37 | 000,002,937 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft PowerPoint 2010.lnk
[2012.02.13 17:41:37 | 000,002,879 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft OneNote 2010.lnk
[2012.02.13 17:41:36 | 000,002,951 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft Excel 2010.lnk
[2012.02.13 17:41:36 | 000,002,919 | ---- | M] () -- C:\Users\Jay\Desktop\Microsoft Access 2010.lnk
[2012.02.13 17:33:04 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012.02.13 17:31:21 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
 
========== Files Created - No Company Name ==========
 
[2012.03.13 15:15:56 | 1020,995,078 | ---- | C] () -- C:\Users\Jay\Desktop\Sherlock.Holmes..avi
[2012.03.13 15:01:05 | 000,001,351 | ---- | C] () -- C:\Users\Jay\Desktop\Dreamweaver.lnk
[2012.03.13 14:57:31 | 000,001,800 | ---- | C] () -- C:\Users\Jay\Desktop\TERA.lnk
[2012.03.01 18:24:33 | 000,081,107 | ---- | C] () -- C:\Users\Jay\Desktop\Bild joa.jpg
[2012.02.26 17:45:44 | 007,077,852 | ---- | C] () -- C:\Users\Jay\Desktop\Babe.jpg
[2012.02.24 17:30:44 | 1459,978,240 | ---- | C] () -- C:\Users\Jay\rom-zwwp.iso
[2012.02.24 16:07:18 | 004,421,205 | ---- | C] () -- C:\Users\Jay\Desktop\340036.Final Fantasy XIII OST - Eternal Love HQ MP3  Lyrics provided.mp3
[2012.02.22 21:58:30 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.20 12:46:42 | 000,095,338 | ---- | C] () -- C:\Users\Jay\Desktop\WinRAR.rar
[2012.02.19 16:56:40 | 000,001,216 | ---- | C] () -- C:\Users\Jay\Desktop\Project64 1.7.lnk
[2012.02.16 18:21:01 | 000,004,544 | ---- | C] () -- C:\Users\Jay\Desktop\Neues Journal-Dokument.jnt
[2012.02.13 19:25:55 | 000,001,311 | ---- | C] () -- C:\Users\Jay\Desktop\Photoshop.lnk
[2012.02.13 17:41:37 | 000,003,055 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft SharePoint Workspace 2010.lnk
[2012.02.13 17:41:37 | 000,003,042 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft InfoPath Designer 2010.lnk
[2012.02.13 17:41:37 | 000,003,041 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft Publisher 2010.lnk
[2012.02.13 17:41:37 | 000,003,029 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft Outlook 2010.lnk
[2012.02.13 17:41:37 | 000,003,026 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft InfoPath Filler 2010.lnk
[2012.02.13 17:41:37 | 000,003,021 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft Word 2010.lnk
[2012.02.13 17:41:37 | 000,002,937 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft PowerPoint 2010.lnk
[2012.02.13 17:41:37 | 000,002,879 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft OneNote 2010.lnk
[2012.02.13 17:41:36 | 000,002,951 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft Excel 2010.lnk
[2012.02.13 17:41:36 | 000,002,919 | ---- | C] () -- C:\Users\Jay\Desktop\Microsoft Access 2010.lnk
[2012.02.13 17:33:04 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012.02.13 17:28:07 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked32
[2012.02.13 17:23:57 | 037,329,920 | ---- | C] () -- C:\Users\Jay\Office 2010 activator.exe
[2012.02.11 14:47:35 | 000,000,091 | ---- | C] () -- C:\Users\Jay\AppData\Local\fusioncache.dat
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2012.02.13 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\DAEMON Tools Pro
[2012.03.13 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ICQ
[2012.01.11 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\LolClient
[2012.02.13 17:31:19 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\OpenCandy
[2012.02.10 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Samsung
[2012.02.10 13:58:41 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\toolplugin
[2012.01.12 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TS3Client
[2012.01.12 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ts3overlay
[2012.03.13 15:43:22 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Danke im vorraus:)

markusg 13.03.2012 17:50
hi
ist ja auch normal, die kino, sport und serien streaming seiten sind illegal, und die leute die euch das hosten, machen das nicht weil sie nett sind, die verdienen geld, und häufig tun sie das mit daten diebstahl etc.


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\Jay\AppData\Local\Temp\mor.exe (Hauppauge Computer Works Inc)
 :Files
C:\Users\Jay\AppData\Local\Temp\mor.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

chikichikx 13.03.2012 18:22
Super hat alles geklappt:) danke! diese Seite ist ehrlich nur weiter zu empfehlen:)
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Jay\AppData\Local\Temp\mor.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Jay
->Flash cache emptied: 26323 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jay
->Temp folder emptied: 5024203520 bytes
->Temporary Internet Files folder emptied: 113654101 bytes
->Java cache emptied: 209274 bytes
->FireFox cache emptied: 170406202 bytes
->Google Chrome cache emptied: 324243117 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121705138 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.488,00 mb
 
 
OTL by OldTimer - Version 3.2.36.3 log created on 03132012_181708

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
:heilig::taenzer:

chikichikx 13.03.2012 18:36
Ich hätte da noch eine frage, und zwar, muss ich jetzt angst mehr haben wegen Post vom Gericht oder ähnliches? Oder müsste ich den PC schnellst möglich noch formatiern?

Danke

markusg 13.03.2012 18:50
wo ist der upload?
warum post vom gericht, wie kommst du darauf meine ich.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19