Log analysis and evaluation: 2nd computer after GVU Trojan removal: is the system clean now? (log files included) Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.07.2012, 15:17 | #1 |
2nd computer after GVU Trojan removal: is the system clean now? (log files included)

Hey, here is a second thread, since my boyfriend's computer was also infected with the GVU Trojan. It is the webcam version of the Trojan (i.e. a webcam image of whoever is sitting in front of the laptop appears at the top right of the GVU screen... the computer's webcam switched on automatically and showed me with a great facial expression..)

Computer: Win 7 64-bit version

Is the computer clean now? Removal with Kaspersky Rescue Disk 10 had not worked. I reset the computer to the last system restore point via 'Safe Mode with Command Prompt'.

Best regards and many thanks in advance, Julia

Attached are the log files: OTL / Extras, Malwarebytes scan (Quick Scan), CCleaner (list of installed programs)

OTL.txt Code:
ATTFilter OTL logfile created on: 07.07.2012 15:49:54 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,03% Memory free 7,73 Gb Paging File | 5,34 Gb Available in Paging File | 69,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 474,62 Gb Free Space | 79,62% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 1,95 Gb Free Space | 26,14% Space Free | Partition Type: FAT32 Computer Name: SLOWY-LAPTOP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated) PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) PRC - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) 
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\SysWOW64\SynTPEnhPS.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll () MOD - C:\Program Files (x86)\Veoh 
Networks\VeohWebPlayer\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation) DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 6E E5 3E D1 3F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {9BBC9A74-B28E-4005-B3AF-F2D477619A8C} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693F8FD7-10A0-4C49-AF3B-0C3A7DACDBFF}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell - "" = AutoRun O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.07 15:49:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.07 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.07.07 15:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.07 15:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.07 15:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.07 15:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.07 15:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.07 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.07 15:38:56 | 000,000,000 
| ---D | C] -- C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7} [2012.07.07 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B} [2012.07.07 15:24:48 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.07.07 12:25:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.06 09:02:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BD658276-142E-484F-A398-E8C5188B962E} [2012.07.06 09:02:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{865127F8-C981-47F8-A24E-0D9FC3E197F9} [2012.07.05 10:34:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D5A3D1B2-7827-4597-BE49-11C346BB240B} [2012.07.05 10:34:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9D8BC2F7-6850-4272-A77C-5496FB95998C} [2012.07.04 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A520C90F-833B-4938-BE2C-5DD8307E92B5} [2012.07.04 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F8BBA10-4E6D-4973-8ED9-C38E8EAD6122} [2012.07.03 22:00:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{25472629-CDB2-498D-BC22-8A468897252C} [2012.07.03 22:00:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0DCF4FB-3A62-4325-8E1F-325F47F1DD8F} [2012.07.03 10:25:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype [2012.07.03 10:25:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.03 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.03 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.03 10:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.03 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AEAB6F4D-68F0-400B-B006-61F499F48ADD} [2012.07.03 08:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E20E0B88-963F-4109-A719-EFDBF7D564D8} [2012.07.02 07:20:57 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{71D9A49F-4963-49F3-A66F-4DB42FD772ED} [2012.07.02 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E663E06E-2A63-4EC3-9ABF-31FF1D5B4DD9} [2012.07.01 12:45:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BDD86BAB-13D3-4A09-A7EA-2ED2DF6756D9} [2012.07.01 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8BCADFC1-A24C-4CA7-8CF6-74478859557F} [2012.06.30 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F32F56F-ED59-4A0A-902F-CF04AA27D8B3} [2012.06.30 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5A0C917D-1371-4F2C-98C9-692FB628300E} [2012.06.30 08:52:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{49F7F8ED-006D-4578-950B-E99F36D7FC08} [2012.06.30 08:52:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA4D338A-565C-46D5-89D8-0346C4F2FF9F} [2012.06.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5E0D07A8-710A-417C-A449-1A3DAD0C0DCB} [2012.06.29 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A82E456A-1EC4-4F37-892A-05C473CADD07} [2012.06.28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BDFF3426-26C9-41F0-A8BF-ECC57F8DEA6A} [2012.06.28 23:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F80A2AD-C649-4F06-8689-0D3DDEB85FC7} [2012.06.28 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D8035D53-EB6B-4D05-ABC0-FD2FD553A136} [2012.06.28 11:31:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AAFE1ECA-AF5B-4CA8-8EAB-A70242BDBCF8} [2012.06.27 11:13:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5FF2287D-10D0-492A-B0CD-A55073DC8FCB} [2012.06.27 11:13:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27F79668-4BA2-4BC9-B588-A4D9101217AA} [2012.06.25 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99ACA8E4-8ED9-45C0-AD22-CDD1F4B0A4A2} [2012.06.25 10:52:09 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{E05AD055-6C07-42A4-9668-672511EC25CC} [2012.06.24 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C358A6F-9CB3-41A1-87CC-B0E26312C7F8} [2012.06.24 20:19:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ED604B5C-55A4-4696-873A-0409AE7B85B0} [2012.06.24 08:18:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2C1B0AF-7719-45B9-BDF8-067879A8A1AB} [2012.06.24 08:18:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{76896CF5-ECA3-4C06-A75B-FBE23446BBDB} [2012.06.23 11:48:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{348CBD21-59D9-41E9-BBEF-FBA38774C81D} [2012.06.23 11:48:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA1DDF4F-C4C7-4CC6-AB96-BFC7519D6A5A} [2012.06.23 10:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.23 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\olsztyn [2012.06.22 23:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery [2012.06.22 23:47:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EBFA8C02-E603-4441-AEDA-A05CC67486C7} [2012.06.22 23:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D00AB6B6-271B-4621-9B3A-1933A0CF4F11} [2012.06.22 11:01:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F26B8B4-82B7-4B83-AD24-E95CF99EFFE7} [2012.06.22 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4028A972-6237-4BD8-9336-6D24C9B88DA1} [2012.06.21 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28819102-577D-454B-9A64-BF2340E6010A} [2012.06.21 22:56:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{98C8FFB8-81C8-4982-8F42-C6FAC9C229DA} [2012.06.21 
12:31:47 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.06.21 12:29:48 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2012.06.21 12:25:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{060C4CC9-0215-430B-88F3-EDEE0921356E} [2012.06.21 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0D112525-2541-46C2-B69A-C7B7D4DE81E5} [2012.06.21 09:42:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F02CD3E8-5BEF-4090-A2E3-201611BAAAB5} [2012.06.21 09:42:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47326FE9-A6FC-43DE-88FC-C450E30990E8} [2012.06.21 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AE7556BA-4132-4605-90FD-B5CF82ABFB8D} [2012.06.21 08:40:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{60CD9344-08F7-421A-A957-E125AB70E218} [2012.06.20 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{06D6EB4D-BDAC-456D-B1D6-4A10A280F63F} [2012.06.20 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{435AA412-2369-4A01-9432-D2E11627DD86} [2012.06.20 15:19:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B99E259B-75FE-4B1C-9F8A-E56244552575} [2012.06.20 15:19:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{34AC5A90-7F4E-49DE-A55D-16EDD3140A6C} [2012.06.20 13:48:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6DD76D90-DCC2-49E4-80FF-6B3D3FF13809} [2012.06.20 13:48:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F3D6DA0F-26AB-474C-AECD-A2CA41C69D04} [2012.06.20 10:58:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37B7CF3F-9016-4177-A011-42838556BB02} [2012.06.20 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A52DD540-196E-497B-B93B-BBDDA8205303} [2012.06.19 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE11BF7D-98DF-404D-A7F9-4142A9C3A5C6} [2012.06.19 22:37:53 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{B31E87B0-087D-4326-B87F-19CBB9F72A6D} [2012.06.19 14:45:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79EDE67B-02B5-4E3E-B4B4-F3F6C58F1CD9} [2012.06.19 14:44:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4CAE7961-448E-44A1-8EDE-38427C4ED3BE} [2012.06.19 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A6E426D5-9E73-498A-A989-4478AD55D9A1} [2012.06.19 12:55:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37E50F05-35CD-474B-8167-4E63189264BC} [2012.06.19 09:43:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 09:43:57 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 09:43:57 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 09:43:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.19 09:43:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.19 09:43:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.19 09:43:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 09:43:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.19 09:40:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3D27DB1-833B-4F78-BC06-912466737C4E} [2012.06.19 09:40:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDD9F5EF-BBF5-4070-AF65-98C2D5E91E24} [2012.06.17 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B1A0318-672A-44AC-8DAD-58A42287F77D} [2012.06.16 20:40:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\irish [2012.06.16 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4637A8C4-F42C-4CB6-A764-4AF24547E022} [2012.06.15 10:04:20 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{F41EF9F2-DA06-4D7C-BBBA-F0AB4C4F9C7D} [2012.06.14 17:04:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1D6BA126-B650-4C4F-BCF4-D94114E35E8E} [2012.06.14 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{419C3EC8-1C7D-46AA-85A4-4BB8375F2A2B} [2012.06.14 16:44:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF9C6D2D-ED48-47B2-BE9B-C2C96D9536F9} [2012.06.14 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D715485-1C56-4A4B-8539-1A365947212A} [2012.06.14 14:24:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E4A029D-97EA-48B5-BC4E-801CA9379174} [2012.06.14 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7DA252F6-99D5-4ED1-95F9-345424E8AB82} [2012.06.14 13:42:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F0294073-1162-404E-B300-82D87360A9E6} [2012.06.14 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{576A2875-BEDC-4BDA-8CAA-B552D41B6124} [2012.06.14 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BDE1944-6410-4C01-8324-16934AFFE5E2} [2012.06.14 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC5E3806-4164-486B-8F5A-FDE48BC06501} [2012.06.13 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DE9776FC-3AE8-46B0-B723-2BB317B3A20D} [2012.06.13 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F921977-6258-4288-A3DC-F80E9F643549} [2012.06.13 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5757FCBE-A8F0-4E03-BE72-22B27A1D48AC} [2012.06.13 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{21189E7C-A3A8-4407-98B5-334A8C1BBB28} [2012.06.13 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8D3C3400-B99C-4B0B-906B-F95F562E3026} [2012.06.13 18:34:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61985E19-BFB8-4B70-B72E-65F194AD42FD} [2012.06.13 14:28:25 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{5831BD6E-F733-45F3-9D4D-8710A9B282C4} [2012.06.13 14:28:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{443C62F2-8DCF-46FD-93D0-4C0B9F9D4D42} [2012.06.13 13:03:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{768680F9-5951-4A3A-9EAF-FE1E6EFA6976} [2012.06.13 13:02:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{208F66E3-4F1E-4C37-B059-94F2963C1A6E} [2012.06.13 12:01:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 12:01:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 12:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 12:01:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 12:01:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 12:01:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 12:01:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 12:01:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 12:01:17 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 12:01:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 12:01:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 12:01:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 12:01:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 10:01:47 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 10:01:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\cryptnet.dll [2012.06.13 10:01:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 10:01:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 10:01:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 10:01:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 10:01:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 10:01:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 10:01:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7BAC72B2-0E6A-4569-894D-EF14C87AA762} [2012.06.13 09:46:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9B148FE7-24A8-4044-A644-401DEA7074DE} [2012.06.12 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{697ED71B-8157-4F93-9E43-A62002C772D1} [2012.06.12 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE9A7A2A-9D65-4ED7-A44A-BB52735B4D9E} [2012.06.12 16:52:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C492A42C-D40B-4587-88BB-EE6D7CEBA2D1} [2012.06.12 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3623CC06-891B-41D1-9085-7EC79585C1A4} [2012.06.12 14:34:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6EC76C52-9599-4225-A731-ABACF3B17B9D} [2012.06.12 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CEB0CB5F-3C83-43D9-AA8E-12A4091B5AF2} [2012.06.12 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{949B9BB9-1F70-4B0E-81E6-DA702B2BCABD} [2012.06.12 11:11:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9E04D120-7861-47A3-89B7-D2BB57B7F8E8} [2012.06.11 21:42:20 | 000,000,000 | ---D 
| C] -- C:\Users\User\AppData\Local\{A9486202-9C2D-4D06-BB9A-30E5866A4A60} [2012.06.11 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6DA0E5D8-7B50-4103-9F66-A204840DE6FD} [2012.06.11 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE0ADAF2-EBC6-48F7-A856-DF058ECBE79F} [2012.06.11 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B832F81-A47C-4EF7-A2CA-FB58F0E2B42C} [2012.06.11 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BB6679C-2BCA-42E1-956F-AE4F0027FE94} [2012.06.11 11:35:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57F25263-EFDE-4D36-BC20-225DCC8F3471} [2012.06.11 09:45:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F1421748-1099-4BC0-BB79-18B0D51A31C7} [2012.06.11 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{012AC4D9-FE4A-4775-BEE9-7B0C1C84614C} [2012.06.10 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F49014B1-59E8-412A-8107-60776A0FECB2} [2012.06.10 20:34:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{02CE511A-48DA-4FD1-89DA-55D821E926BD} [2012.06.10 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8F993571-FFF3-438C-A46F-6E497F99E368} [2012.06.10 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14268F5A-BCAD-49B1-BA4D-FBBACB83A49B} [2012.06.10 13:03:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5F1B3F1C-0772-40D8-81D2-C5BB0C90CCAA} [2012.06.10 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F669104F-B760-407A-83E8-9ACFDE13AFCD} [2012.06.08 19:58:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{58FB11E2-3653-4663-B983-B409900F2EC5} [2012.06.08 19:58:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC13C6C5-5924-409C-AB76-3C48785F95EE} [2012.06.08 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{786339A5-6F75-4FDD-B400-79CC25C946A2} [2012.06.08 15:57:27 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{1E580D5E-DDB5-4385-A9C2-B566D08E477D} [2012.06.08 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A22479C-DC6F-4538-AB94-10229401FF75} [2012.06.08 13:21:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3879910E-0A94-49C3-8E65-64CDB5DAB968} [2012.06.08 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ECE86E08-AE15-4B27-BA19-12EE3E7EE632} [2012.06.08 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7495338C-43BC-4D8F-AC54-772238BAF96A} ========== Files - Modified Within 30 Days ========== [2012.07.07 15:50:46 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.07 15:50:46 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.07 15:50:46 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.07 15:50:46 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.07 15:50:46 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.07 15:50:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.07.07 15:48:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.07 15:48:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.07 15:44:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 15:44:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.07 15:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.07 15:38:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.07 15:37:53 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.07 15:37:19 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2012.07.07 15:37:17 | 3113,230,336 | -HS- | M] () -- C:\hiberfil.sys [2012.07.07 15:31:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.07 15:29:26 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat [2012.07.05 18:44:07 | 000,184,670 | ---- | M] () -- C:\Users\User\Desktop\Bayern_Vermessung.pdf [2012.07.05 18:43:53 | 000,038,418 | ---- | M] () -- C:\Users\User\Desktop\GISFachkraft.pdf [2012.07.03 10:33:41 | 000,060,055 | ---- | M] () -- C:\Users\User\Desktop\skype.jpg [2012.07.03 10:25:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.25 18:33:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.06.24 08:39:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.24 08:39:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.23 10:09:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.17 17:24:45 | 000,283,767 | ---- | M] () -- C:\Users\User\Desktop\Mahnung.pdf [2012.06.13 13:01:14 | 000,435,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.07 15:48:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.07 15:48:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.07 15:29:26 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat [2012.07.06 19:33:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.05 18:44:07 | 000,184,670 | ---- | C] () -- C:\Users\User\Desktop\Bayern_Vermessung.pdf [2012.07.05 18:43:53 | 000,038,418 | ---- | C] () -- C:\Users\User\Desktop\GISFachkraft.pdf [2012.07.03 10:34:22 | 000,060,055 | ---- | C] () -- C:\Users\User\Desktop\skype.jpg [2012.07.03 10:25:23 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.23 10:09:35 | 
000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.17 17:24:44 | 000,283,767 | ---- | C] () -- C:\Users\User\Desktop\Mahnung.pdf [2012.01.24 17:06:10 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.30 18:15:58 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2011.07.14 22:02:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.07 19:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.26 15:39:54 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.02.16 12:16:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2012.02.16 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro [2012.04.23 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations [2012.06.16 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2012.06.03 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.11 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012.02.16 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin [2012.03.14 14:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCDr [2011.09.15 14:59:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SharePod [2012.03.13 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simfy [2011.07.14 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Synaptics [2012.01.26 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Titanium [2011.12.31 00:58:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tmp [2011.07.12 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2012.01.24 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions 
[2011.09.19 19:27:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Xilisoft [2012.06.25 18:33:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.07.03 15:41:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.07 15:50:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 07.07.2012 15:49:54 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,03% Memory free 7,73 Gb Paging File | 5,34 Gb Available in Paging File | 69,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 474,62 Gb Free Space | 79,62% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 1,95 Gb Free Space | 26,14% Space Free | Partition Type: FAT32 Computer Name: SLOWY-LAPTOP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0647EC19-88CB-4247-B203-231589DC8E2C}" = lport=137 | protocol=17 | dir=in | app=system | "{11D827EA-CD66-44AA-A333-C16592950FD6}" = rport=137 | protocol=17 | dir=out | app=system | "{2EDB247E-438C-41F2-A918-CAFDB630D672}" = lport=138 | protocol=17 | dir=in | app=system | "{2EF91754-4ED3-40E3-8D8C-88A637C2AB9F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37A6C23E-1AA6-409A-BD39-1196289B4A5D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3BAF7C5E-EF7F-450C-B0A7-65B565391455}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F281DBF-53EA-4094-8338-2D6797F221AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{459D0368-4340-4C0E-8135-4A99DA357362}" = rport=139 | protocol=6 | dir=out | app=system | "{5D401CD7-2DC3-48E4-BEF2-24339EC312B6}" = rport=10243 | protocol=6 | dir=out | app=system | "{640552A9-E121-43CC-A3E9-B44295AE97B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74EAAAB4-A91C-4B85-AA15-43DA4F6B13F8}" = rport=138 | protocol=17 | dir=out | app=system | "{89AFF692-98D7-4CFE-A05B-909AD825CEB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9297198F-2AFE-4752-9440-237F02DD08EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A2D2D10A-4BB5-4C8C-A126-C77BC6223599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AEA03DC9-BCD7-4497-A015-4D0803753760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B368BA1A-28B6-4950-92A4-38DBDE21587C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BAD2D0EF-EB85-4BA1-9FA8-F86CAA96FF62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C38C3F17-B0AC-4709-8E40-6C8BC3302D60}" = lport=10243 | protocol=6 | dir=in | app=system | "{C7E47663-98D5-4A3A-9C5E-BC5D1949C1F4}" = lport=445 | protocol=6 | dir=in | app=system | "{D2BC0868-D5C8-4DA3-9E83-53BAD6732699}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D2EE3934-629C-412C-B251-698732859D7A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D8D56E55-E093-4CFF-AC07-8351F5E3CCCC}" = rport=445 | protocol=6 | dir=out | app=system | "{E251ABD1-F97A-4300-8F3B-66756C93BA37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{E7D6A3A1-5503-4BDE-9D94-B858DA1BC302}" = lport=139 | protocol=6 | dir=in | app=system | "{F151FBFB-5509-4982-9209-A7F9E2EC86D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FD899067-DC71-4A1C-8572-6DB3E3012736}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0193DA55-622D-4035-AD4A-70DAC1F829F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0E0C4097-C48B-4C13-A203-8F71DF20317D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0F8C9164-8A2C-4EB4-AD1B-C0E1D2F7D11A}" = protocol=6 | dir=out | app=system | "{19321F1E-B7BE-4E9B-8395-8AE9732A065C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A634BC9-3CE2-49A9-AD7F-1BEA39B60472}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1ACAADAF-0D7B-45F7-8F6F-2C9EE805F9DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{202F6B99-D032-4991-8CE1-0C22E0AC58B0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{285C38C8-8D20-4F89-8321-1B7F161996D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{34438BF1-9C5E-4549-8FC9-7D4510F440A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3C0F453A-7225-4A0C-A143-532BA9A6EE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4326D249-0060-4EBE-B709-C94C042C77AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{478C299D-107E-408C-B8D1-6DDCC32B39C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4F395A2B-5149-4A63-9D30-802BC8FF9186}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{51E6E308-1AB5-48B6-A183-F830D919ECE8}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{53897C8C-8DFF-4D63-A930-3C4E59E158C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59E8592F-802E-4B41-A0DD-6A5F6605F129}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73951D19-8AE2-4AFA-A4D1-4C26E6B0F5D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{83B5B402-C8EA-4E21-8DA3-D243C5617008}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{857BE93B-4930-4CD7-B108-9C6BAE92E41D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{87F62BC3-7F42-4FF8-89A1-672379272687}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8839573A-283C-4834-9A68-D70FE5BF2203}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8F140529-5D2B-4FAD-95C4-6DC1D27F85A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{95339CD1-932A-48E8-96F3-AF1C3598EC5D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{987FFCA1-3B16-4E56-827B-B26183CFA61B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{996C8736-EA93-4FF8-870A-D07D2568A5A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{A3E86297-85DE-43B1-9F99-63B7378570B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A5E2EF4C-0823-4BD7-B096-EA2C0CB098BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE22F492-4BEF-4AF1-9162-1DE683D768FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C391F9B4-3BFF-4C11-8E16-90041CD5D8DF}" = dir=in | app=c:\program files (x86)\windows 
live\contacts\wlcomm.exe | "{C454C70A-228C-4F22-9584-70F9CA252F46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D04E6BD9-48D9-4FBF-8389-D5A0DE15BF12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D0F8B3ED-9350-4FA6-B55B-8C90C512C01E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D3232226-DCE0-4F05-A94A-8477A7976131}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{D72659A5-B6AB-4548-9092-01DDE9E5A98C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DFD174D6-FE3C-4B27-BFC1-20716F28E297}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FB14D546-B61A-4D15-A5CC-F461A7865AD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{5D219FA2-27D9-4B2D-9479-E40780A86954}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{8A45E2F9-76DC-4C6F-BECA-25122DBC3964}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | "TCP Query User{AF045C69-43A0-49EE-9AC2-AEC30B3FFD67}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{F51027AE-5D8B-438D-A1D2-7E3A3E556F14}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{FFB01EE7-1B59-4640-9AF3-A947F2CB66C7}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "UDP Query User{520C02FD-3C5A-4545-BEB8-38DADBF0E5CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\java\jre6\bin\javaw.exe | "UDP Query User{65DC2CF6-142C-4FC3-AD9F-7A3B817D415C}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | "UDP Query User{AF0E4CB4-C7F7-49DE-96C0-F33A453263F1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{EB1FDCE0-F706-49C3-8F67-8E65708A6849}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F3720A5D-DA26-4B3D-86D2-841620180529}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) "CCleaner" = CCleaner "Dell Support 
Center" = Dell Support Center "DW WLAN Card Utility" = DW WLAN Card Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe "{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! 
Cam Avatar "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{302188C7-ADCF-4328-8E2E-FE9DCC2F40BD}" = Hauppauge TV Tuner Driver "{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = 
Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B834524D-C302-F626-87D6-5E7352FBE502}" = simfy "{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean "{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard "{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control 
Center Localization All "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English "{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Dell Dock" = Dell Dock "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Central" = Dell Webcam Central "Dell Webcam Manager" = Dell Webcam Manager "DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908 "Free Studio_is1" = Free Studio version 5.1.5 "Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608 "Hauppauge TV Tuner Diagnostics" = Hauppauge TV Tuner Diagnostics (1.2.7076) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "pdfsam" = pdfsam "PS3 Media Server" = PS3 Media Server "Simfy" = simfy "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 1.1.10 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "bd4d3a0508d364f5" = Dell Driver Download Manager 
"SP-Downloader" = SP-Downloader "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.07.2012 11:26:25 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1076 Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2121 Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2121 Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3135 Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3135 Error - 06.07.2012 12:48:43 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1548 Startzeit: 01cd5b5918910626 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\internet explorer\iexplore.exe Berichts-ID: Error - 06.07.2012 12:50:27 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 180c Startzeit: 01cd5b9738347102 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\internet explorer\iexplore.exe Berichts-ID: Error - 06.07.2012 12:51:46 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b60 Startzeit: 01cd5b9772031be2 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: [ System Events ] Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 
07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error - 07.07.2012 09:34:00 | Computer Name = Slowy-Laptop | Source = DCOM | ID = 10005 Description = Error - 07.07.2012 09:37:26 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305. Error - 07.07.2012 09:37:27 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. Error - 07.07.2012 09:47:52 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. < End of report > Malwarebytes (Quick Scan) Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: SLOWY-LAPTOP [Administrator]

Schutz: Aktiviert

07.07.2012 15:50:45
mbam-log-2012-07-07 (15-50-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198120
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

CCleaner (list of installed programs) Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 13.03.2012 3.1.0.4880 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2012 6,00MB 11.3.300.257 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 24.06.2012 6,00MB 11.3.300.262 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 12.07.2011 118MB 10.1.0 Advanced Audio FX Engine Creative Technology Ltd 14.03.2012 1.12.05 Advanced Video FX Engine 14.03.2012 Apple Application Support Apple Inc. 23.06.2012 61,0MB 2.1.9 Apple Mobile Device Support Apple Inc. 23.06.2012 24,5MB 5.2.0.6 Apple Software Update Apple Inc. 23.01.2012 2,38MB 2.1.3.127 ATI Catalyst Install Manager ATI Technologies, Inc. 14.03.2012 22,3MB 3.0.778.0 Avira Free Antivirus Avira 09.05.2012 104MB 12.0.0.1125 Bonjour Apple Inc. 23.01.2012 2,04MB 3.0.0.10 CCleaner Piriform 22.06.2012 3.20 Cisco EAP-FAST Module Cisco Systems, Inc. 14.03.2012 1,55MB 2.2.14 Cisco LEAP Module Cisco Systems, Inc. 14.03.2012 644KB 1.0.19 Cisco PEAP Module Cisco Systems, Inc. 14.03.2012 1,23MB 1.1.6 DAEMON Tools Lite DT Soft Ltd 16.02.2012 4.45.3.0297 Dell Digital Delivery Dell Products, LP 22.06.2012 2,41MB 2.2.2000.0 Dell Dock Stardock Corporation 11.07.2011 2.0 Dell Dock Dell Driver Download Manager Dell Inc 14.03.2012 3.0.0.0 Dell Resource CD Ihr Firmenname 13.03.2012 1,92MB 1.00.0000 Dell Support Center Dell Inc. 14.03.2012 128MB 3.1.5907.23 Dell Webcam Center 14.03.2012 Dell Webcam Central Creative Technology Ltd 14.03.2012 1.40.05 Dell Webcam Manager 14.03.2012 DVDFab 8.1.1.2 (08/08/2011) Qt Fengtao Software Inc. 08.09.2011 49,4MB DW WLAN Card Utility Dell Inc. 5.60.48.35 Fifa 12 (c) Electronic Arts version 1 16.02.2012 1 Free Audio CD to MP3 Converter version 1.3.12.908 DVDVideoSoft Ltd. 24.01.2012 50,8MB Free Studio version 5.1.5 DVDVideoSoft Limited. 08.08.2011 329MB Free YouTube Download version 3.1.27.508 DVDVideoSoft Ltd. 03.06.2012 82,1MB 3.1.27.508 Free YouTube to MP3 Converter version 3.11.24.608 DVDVideoSoft Ltd. 
16.06.2012 90,1MB 3.11.24.608 Google Earth Plug-in Google 16.11.2011 40,8MB 6.1.0.5001 Hauppauge TV Tuner Diagnostics (1.2.7076) Hauppauge Computer Works, Inc. 14.03.2012 1.2.7076 iCloud Apple Inc. 15.03.2012 33,2MB 1.1.0.40 IDT Audio IDT 14.03.2012 1.0.6289.0 Image Resizer Powertoy Clone for Windows (64 bit) Brice Lambson 31.07.2011 303KB 2.1.1 Intel(R) Control Center Intel Corporation 1.2.1.1007 Intel(R) Management Engine Components Intel Corporation 6.0.0.1179 Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 14.03.2012 138MB 13.02.0000 Intel(R) Rapid Storage Technology Intel Corporation 9.6.4.1002 iTunes Apple Inc. 23.06.2012 182MB 10.6.3.25 Java(TM) 6 Update 31 Oracle 04.03.2012 95,1MB 6.0.310 Java(TM) 7 Update 1 (64-bit) Oracle 22.11.2011 93,3MB 7.0.10 Live! Cam Avatar Creative Technology Ltd. 14.03.2012 1.0 Live! Cam Avatar Creator Creative Technology Ltd. 14.03.2012 4.6.0817.1 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 07.07.2012 18,0MB 1.61.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.07.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.01.2012 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 24.01.2012 51,9MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 24.01.2012 10,6MB 4.0.30319 Microsoft Office Outlook Connector Microsoft Corporation 24.01.2012 3,38MB 14.0.6106.5001 Microsoft Office Professional Plus 2010 Microsoft Corporation 25.01.2012 14.0.6029.1000 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Corporation 21.06.2012 1,38MB 14.0.5120.5000 Microsoft Silverlight Microsoft Corporation 09.05.2012 100MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.07.2011 1,69MB 3.1.0000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.09.2011 2,69MB 8.0.56336 Microsoft Visual C++ 2005 
Redistributable (x64) Microsoft Corporation 15.03.2012 572KB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.03.2012 252KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.07.2011 784KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 12.07.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 19.09.2011 1,42MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.07.2011 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.07.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 17.02.2012 13,8MB 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.11.2011 12,2MB 10.0.40219 Modem Diagnostic Tool Dell 14.03.2012 1,22MB 1.0.28.0 No23 Recorder No23 13.03.2012 3,18MB 2.1.0.3 OpenOffice.org 3.3 OpenOffice.org 11.07.2011 414MB 3.3.9567 pdfsam 05.05.2012 2.2.1 PS3 Media Server PS3 Media Server 19.09.2011 142MB 1.40.0 Quickset64 Dell Inc. 27.09.2011 5,70MB 10.5.0 QuickTime Apple Inc. 15.03.2012 73,2MB 7.71.80.42 Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 14.03.2012 6.1.7600.30127 Roxio Burn Roxio 14.03.2012 36,1MB 1.01 simfy simfy GmbH 13.03.2012 1.6.5 Skype™ 5.10 Skype Technologies S.A. 03.07.2012 19,4MB 5.10.114 SP-Downloader 19.09.2011 Synaptics Gesture Suite featuring SYNAPTICS | Scrybe Synaptics Inc. 14.07.2011 14,0MB 1.6.5.17120 Synaptics Pointing Device Driver Synaptics Incorporated 14.07.2011 46,4MB 15.2.20.0 Veoh Web Player Veoh Networks, Inc. 
25.11.2011 1.1.2.0000 VirtualDJ Home FREE Atomix Productions 28.12.2011 48,3MB 7.0.5 VLC media player 1.1.10 VideoLAN 11.07.2011 1.1.10 WIDCOMM Bluetooth Software Broadcom Corporation 14.03.2012 144MB 6.2.1.1100 Winamp Nullsoft, Inc 11.07.2011 5.62 Winamp Erkennungs-Plug-in Nullsoft, Inc 11.07.2011 63,0KB 1.0.0.1 Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) Broadcom Corporation 14.03.2012 03/24/2010 6.3.0.2501 Windows Live Essentials Microsoft Corporation 21.06.2012 15.4.3555.0308 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 11.07.2011 5,57MB 15.4.5722.2 WinRAR 4.01 (32-Bit) win.rar GmbH 25.09.2011 4.01.0 Wunderlist None provided 26.01.2012 42,3MB 1.2.4 |
11.07.2012, 18:25 | #2 |
/// Helper Team | Fix with OTL: Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Windows\SysWOW64\SynTPEnhPS.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {9BBC9A74-B28E-4005-B3AF-F2D477619A8C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell - "" = AutoRun
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell\AutoRun\command - "" = E:\setup.exe
[2012.07.07 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7}
[2012.07.07 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B}
[2012.07.07 15:38:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.07 15:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.07 15:37:53 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 15:31:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.06 19:33:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
:Files
E:\setup.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\go_0molg.pad
:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
Do not use this on other computers under any circumstances; it can cause lasting damage to other systems!
__________________ |
13.07.2012, 18:05 | #3 |
| hey, thanks for your effort. The log file is attached.
__________________
Best regards, Jule
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
File C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
File E:\setup.exe not found.
C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7} folder moved successfully.
C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B} folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
File C:\ProgramData\go_0molg.pad not found.
========== FILES ==========
File\Folder E:\setup.exe not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder C:\ProgramData\go_0molg.pad not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 895840049 bytes
->Temporary Internet Files folder emptied: 942355701 bytes
->Java cache emptied: 759202 bytes
->Flash cache emptied: 264513 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 379056799 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 639 bytes
RecycleBin emptied: 253345737 bytes

Total Files Cleaned = 2.357,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.44.0 log created on 07132012_185128

Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Local\Temp\OICE_B307F93D-8F6F-4ABA-BE65-6ED4787F44C5.0\C4936DB6. not found!
File\Folder C:\Users\User\AppData\Local\Temp\OICE_6C5B9F5A-97A6-48B2-ABED-F00B61493B82.0\B76659A5. not found!
File\Folder C:\Users\User\AppData\Local\Temp\OICE_5C7C0E55-A485-4A08-A0EE-E49E327BEC0B.0\E6362D4F. not found!
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot... |
13.07.2012, 19:39 | #4 |
/// Helper Team | Very good! How is the computer running? Step 1: New version! Please download it again! Please run a full scan with Malwarebytes Anti-Malware and post the log. After that, please download AdwCleaner to your desktop.
|
13.07.2012, 23:19 | #5 |
| hey, it seems to be running fine. what is this adwcleaner for? here is the log file:
Code:
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 00:16:56
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - SLOWY-LAPTOP
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\WiseConvert
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\WiseConvert
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.

*************************
AdwCleaner[R1].txt - [6868 octets] - [14/07/2012 00:16:56]
########## EOF - C:\AdwCleaner[R1].txt - [6996 octets] ########## |
14.07.2012, 09:41 | #6 |
/// Helper Team | Where is the Malwarebytes log? http://www.trojaner-board.de/118792-...tml#post864102 |
14.07.2012, 18:05 | #7 |
| sorry, I forgot to attach that. after the restart triggered by adwcleaner, a Windows pop-up appeared asking whether I want to allow Daemon Tools Lite Helper to make changes to the computer. What is this program about? I clicked "no". here we go, Malwarebytes log:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: SLOWY-LAPTOP [Administrator]

Schutz: Deaktiviert

13.07.2012 22:44:01
mbam-log-2012-07-13 (22-44-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391093
Laufzeit: 59 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 19:06:38
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - SLOWY-LAPTOP
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\WiseConvert
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\WiseConvert
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.

*************************
AdwCleaner[R1].txt - [6939 octets] - [14/07/2012 00:16:56]
AdwCleaner[S1].txt - [5032 octets] - [14/07/2012 19:06:38]
########## EOF - C:\AdwCleaner[S1].txt - [5160 octets] ##########
Edited by dk-jule (14.07.2012 at 18:16). Reason: new log file |
14.07.2012, 19:36 | #8 |
/// Helper Team | Very good! Then you are clean and discharged. Tool cleanup with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html |
15.07.2012, 16:15 | #9 |
| many thanks, t'john, for the competent help! Best regards, Jule |