Pests of all kinds and how to combat them: GVU Trojan; further steps after System Restore (Windows 7)
19.06.2013, 13:51 | #1 |
GVU Trojan; further steps after System Restore

Hello forum,

I have a netbook here that is infected with the GVU Trojan. A System Restore has already been carried out. Following your instructions, "defogger" was run. After that, I let OTL run through.

Code:
ATTFilter OTL logfile created on: 6/19/2013 1:22:55 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MacDevet\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free 1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe PRC - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\umbrella.exe PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/10/30 11:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files\Optimizer Pro\OptProSmartScan.exe PRC - [2012/10/17 05:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE PRC - [2012/08/08 22:57:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe PRC - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/12/23 03:30:20 | 000,608,648 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe PRC - [2010/11/13 00:24:08 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe PRC - [2010/11/13 00:24:06 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe PRC - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe PRC - [2010/07/21 13:55:02 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe PRC - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe ========== Modules (No Company Name) ========== MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe MOD - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe MOD - [2010/02/03 07:19:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2013/06/03 17:27:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes 
Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 19:12:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/10/30 14:49:38 | 000,259,440 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK) DRV - [2012/10/30 14:49:36 | 000,200,560 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk) DRV - [2012/10/30 14:49:34 | 000,237,936 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi) DRV - [2012/05/09 19:13:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 19:13:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/10/10 09:38:08 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport) DRV - [2011/01/08 01:22:22 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 
23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/08/30 16:45:48 | 000,315,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009/10/29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: 
"URL" = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013/04/26 19:10:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/11 11:31:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/11/26 14:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Extensions [2013/06/07 08:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions [2013/04/26 19:08:11 | 000,000,000 | ---D | M] (Delta Toolbar) -- 
C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com [2013/06/07 08:42:18 | 000,281,668 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012/12/13 21:18:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013/05/02 11:46:09 | 000,006,495 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\babylon.xml [2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\BrowserProtect.xml [2013/04/26 19:08:19 | 000,001,294 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\delta.xml [2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/01/19 21:13:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013/06/03 17:27:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/06/01 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions [2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®) O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20678603-6457-40C7-9EDB-C474291B171F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F89CDBA6-69D6-4EAF-ABF5-58236C4D87E5}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/19 13:12:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe [2013/06/19 12:47:19 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Malwarebytes [2013/06/19 12:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/19 12:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/19 12:46:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/06/19 12:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/06/19 12:46:22 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Local\Programs [2013/05/30 11:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorationen [2013/05/30 11:51:13 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Explorationen [2013/05/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Explorationen [2013/05/30 11:38:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry [2013/05/30 11:34:57 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\Zero G Registry [2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\MacDevet\AppData\Local\CDRip.dll [2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- 
C:\Users\MacDevet\AppData\Local\No23 Recorder.exe [2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\basscd.dll [2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/19 13:21:13 | 000,000,252 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job [2013/06/19 13:19:35 | 000,001,938 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk [2013/06/19 13:18:42 | 000,000,330 | ---- | M] () -- C:\windows\tasks\spmonitor.job [2013/06/19 13:18:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/06/19 13:18:00 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys [2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe [2013/06/19 13:10:40 | 000,000,000 | ---- | M] () -- C:\Users\MacDevet\defogger_reenable [2013/06/19 13:08:49 | 000,050,477 | ---- | M] () -- C:\Users\MacDevet\Desktop\Defogger.exe [2013/06/19 12:46:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/18 17:51:57 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat [2013/06/07 08:29:29 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/06/07 08:29:29 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/06/07 08:29:29 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/06/07 08:29:29 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/05/30 12:12:15 | 000,287,832 | ---- 
| M] () -- C:\windows\System32\FNTCACHE.DAT [2013/05/30 11:35:33 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013/05/30 11:34:56 | 000,000,016 | ---- | M] () -- C:\Users\MacDevet\persistent_state ========== Files Created - No Company Name ========== [2013/06/19 13:10:40 | 000,000,000 | ---- | C] () -- C:\Users\MacDevet\defogger_reenable [2013/06/19 13:08:36 | 000,050,477 | ---- | C] () -- C:\Users\MacDevet\Desktop\Defogger.exe [2013/06/19 12:46:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/18 17:51:57 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat [2013/05/30 11:35:33 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013/05/30 11:34:56 | 000,000,016 | ---- | C] () -- C:\Users\MacDevet\persistent_state [2013/04/27 12:58:52 | 000,114,176 | ---- | C] () -- C:\Users\MacDevet\AppData\Roaming\BabMaint.exe [2012/12/08 18:57:41 | 000,001,428 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\RecConfig.xml [2012/12/08 18:46:26 | 000,221,184 | ---- | C] () -- C:\windows\System32\lame_enc.dll [2012/11/26 15:27:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/07/10 19:20:20 | 000,004,020 | ---- | C] () -- C:\Users\MacDevet\.ganttproject [2012/04/09 16:45:55 | 000,002,067 | ---- | C] () -- C:\Users\MacDevet\.recently-used.xbel [2012/02/25 19:24:33 | 000,003,584 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/05 20:25:40 | 000,001,407 | ---- | C] () -- C:\windows\SiInst.ini [2011/11/28 22:43:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/11/26 13:26:50 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011/07/25 22:45:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat [2011/07/25 22:45:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2011/07/25 22:45:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2011/07/25 22:45:46 | 000,038,104 | 
---- | C] () -- C:\windows\System32\perfd007.dat [2011/07/25 12:45:37 | 000,000,888 | ---- | C] () -- C:\windows\HotFixList.ini [2011/07/25 12:26:37 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll [2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\lame_enc.dll [2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisenc.dll [2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisfile.dll [2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbis.dll [2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\ogg.dll [2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/12/28 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Audacity [2013/06/09 10:09:26 | 000,000,000 
| ---D | M] -- C:\Users\MacDevet\AppData\Roaming\BabSolution [2013/02/08 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Babylon [2012/09/05 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoft [2012/01/02 03:09:51 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers [2012/04/09 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\gtk-2.0 [2013/04/26 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Iminent [2012/04/16 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\MFSM-Tasks [2011/12/19 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\OpenOffice.org [2013/04/26 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Optimizer Pro [2012/04/10 09:59:25 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\PhotoScape [2011/11/27 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\RGE [2012/07/12 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\STRATO [2011/11/27 03:42:59 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Thunderbird [2012/04/30 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Tific [2012/04/27 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\TS3Client [2013/04/26 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5C270C64 < End of report > Code:
OTL Extras logfile created on: 6/19/2013 1:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MacDevet\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free
1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS

Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8BCE85E8-501D-4854-B33C-E76538DC888A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{983350F9-0F34-4399-AD7C-4B50A0ADAA20}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3917C760-A0E6-44DD-A3DA-F101DD52CF29}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe |
"{42FEF731-9F49-4847-8D4E-AE9977B2EB2C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{563B790D-CD68-46FA-BD56-F1D82007714B}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
"{84C9DA1D-F3C4-49CB-A366-616A9CF1584C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{84E72674-71BE-42CB-A980-0396DD5AF02D}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{8548F04D-727E-461B-B62A-53C9801F6369}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
"{A1579116-0B13-4943-BA0C-9BD7983F423C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A6CF250D-1978-4DA7-AD79-1CC0A00CCFE2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF31531C-C2EB-4F7C-8282-6D503494F5E0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C50B0A73-B725-40E6-8438-FCF062C349CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF082CED-199A-4D91-A0D9-D27CD2115193}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E70D5B8D-75E8-4587-A6B9-32DA83089A48}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{F7894551-63D7-4A5E-9845-77DD0051473B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02E1EAF5-F1B6-41EC-B500-E6BC728A5E20}" = Windows Live Remote Service Resources
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{071A7A87-F72C-4239-BAF8-92FF44EB82AF}" = Windows Live Remote Client Resources
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18088C5C-323A-4E56-AA4A-6D3F2EE34102}" = Windows Live Remote Client Resources
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{208762DE-34A1-44B1-B597-509C8D05D39E}" = Windows Live Remote Client Resources
"{20C21396-4F89-4044-806B-326C993A3996}" = Windows Live Remote Service Resources
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354FF1E9-5D3F-4D91-A433-7626AC6B55EA}" = Windows Live Remote Service Resources
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B07C21-145D-496F-B029-0899514099C7}" = Windows Live Remote Service Resources
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 2.1.0
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7234BD6D-5394-4572-A87D-0279C5ED535D}" = Windows Live Remote Client Resources
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{787EAD29-5498-4BDB-BDF4-670A86F28DFB}" = VirtualDJ LE (DJ4Set)
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F1E694F-1880-4D5F-BD27-A0D0A5379864}" = Iminent
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CB7DE-8087-48A0-8280-1658F423AAEF}" = Windows Live Remote Service Resources
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9F9D4CE4-E4B9-4745-98C9-5A934DD0CE8C}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}" = Easy Resolution Manager
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources "{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows 
Live Remote Client Resources "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EAEA7ED1-22F0-4C1E-B001-E56F10E1A100}" = Windows Live Remote Client Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash 
Player Plugin" = Adobe Flash Player 11 Plugin "Advanced MP3/WMA Recorder" = Advanced MP3/WMA Recorder "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "Deflectex" = Deflectex "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "Elantech" = ETDWare PS/2-X86 8.0.7.2_WHQL "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903 "GanttProject" = GanttProject "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Photo Creations" = HP Photo Creations "IMBoosterARP" = Iminent "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Marvell Miniport Driver" = Marvell Miniport Driver "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "mixidj" = MixiDJ Toolbar "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "Optimizer Pro_is1" = Optimizer Pro v3.0 "PhotoScape" = PhotoScape "StarterBackgroundChanger" = StarterBackgroundChanger "STRATO HiDrive" = STRATO HiDrive (remove only) "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.2 "WAV To MP3_is1" = WAV To MP3 V2 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live 程式集 ========== Last 20 
Event Log Errors ========== [ Application Events ] Error - 12/30/2012 12:00:25 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP Deskjet 3520 series\DriverStore\Pipeline\amd64\hpinkinsB011.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/30/2012 12:02:04 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/30/2012 12:07:05 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/30/2012 12:07:44 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/30/2012 12:07:46 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12/31/2012 10:00:01 AM | Computer Name = MacDevet-PC | Source = Application Hang | ID = 1002 Description = Programm McUICnt.exe, Version 2.15.101.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 174c Startzeit: 01cde699e3679f73 Endzeit: 360 Anwendungspfad: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe Berichts-ID: 50166dec-5352-11e2-b142-e81132d25d27 Error - 12/31/2012 10:17:00 AM | Computer Name = MacDevet-PC | Source = Windows Backup | ID = 4104 Description = Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13369 Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13369 [ System Events ] Error - 12/15/2012 9:23:40 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 12/15/2012 11:37:58 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 12/15/2012 3:01:27 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 12/19/2012 2:08:11 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 12/22/2012 7:10:19 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 12/25/2012 3:17:08 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 12/25/2012 3:17:44 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010 Description = Error - 12/25/2012 3:35:49 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/25/2012 3:37:30 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010 Description = Error - 12/25/2012 3:39:51 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 14:39:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MacDevet\AppData\Local\Temp\uxdoqkob.sys

---- System - GMER 2.1 ----

SSDT 8B48881E ZwCreateSection
SSDT 8B488828 ZwRequestWaitReplyPort
SSDT 8B488823 ZwSetContextThread
SSDT 8B48882D ZwSetSecurityObject
SSDT 8B488832 ZwSystemDebugControl
SSDT 8B4887BF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E829F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBC1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81EC353C 4 Bytes [1E, 88, 48, 8B] {PUSH DS; MOV [EAX-0x75], CL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81EC3898 4 Bytes [28, 88, 48, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81EC38DC 4 Bytes [23, 88, 48, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81EC3958 4 Bytes [2D, 88, 48, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81EC39AC 4 Bytes [32, 88, 48, 8B]
.text ...
? System32\drivers\emyusyq.sys Das System kann den angegebenen Pfad nicht finden. !

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ba9225
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de9d8801
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ba9225 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de9d8801 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks in advance. Devet |
19.06.2013, 13:53 | #2 |
/// the machine /// TB Trainer | GVU Trojan; further steps after System Restore
Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties) |
19.06.2013, 14:11 | #3 |
| GVU Trojan; further steps after System Restore
Thanks for the super-fast response. Here are the files. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013 Ran by MacDevet (administrator) on 19-06-2013 15:06:27 Running from C:\Users\MacDevet\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Iminent) C:\Program Files\Common Files\Umbrella\umbrella.exe (STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe () C:\Program Files\1&1 Surf-Stick\AssistantServices.exe (Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files\1&1 Surf-Stick\UIExec.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe () C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] () HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) 
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [] [x] HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®) HKLM\...\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1074736 2013-04-25] (Iminent) HKLM\...\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-04-25] (Iminent) HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM - MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Delta Toolbar - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\ffxtlbr@delta.com FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG) R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH) R2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2839592 2013-05-28] (Iminent) R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH) S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.) S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) 
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider) R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project) U3 uxdoqkob; \??\C:\Users\MacDevet\AppData\Local\Temp\uxdoqkob.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST 2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe 2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log 2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log 2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt 2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt 2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe 2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe 2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log 2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable 2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe 2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-19 12:46 - 
2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-18 17:51 - 2013-06-18 17:51 - 00003416 ____N C:\bootsqm.dat 2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) 
C:\Windows\System32\iernonce.dll 2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 19:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 19:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 19:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 19:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 19:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 19:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 19:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 19:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 19:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-05-30 11:38 - 2013-05-30 12:02 - 00000000 ___HD C:\Program Files\Zero G Registry 2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) 
C:\Windows\System32\html.iec 2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) 
C:\Windows\System32\icardie.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state 2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry 2013-05-30 11:32 - 2013-05-30 11:34 - 10211989 ____A (Zero G Software, Inc.) 
C:\Users\MacDevet\Downloads\Deflectex.exe 2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft 
Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-25 07:12 - 2013-05-30 11:45 - 00015155 ____A C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======== 2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST 2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe 2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log 2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log 2013-06-19 13:48 - 2012-06-24 18:28 - 00000000 ____D C:\Users\MacDevet\AppData\Local\CrashDumps 2013-06-19 13:42 - 2013-06-19 13:41 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt 2013-06-19 13:41 - 2013-06-19 13:37 - 00064502 ____A 
C:\Users\MacDevet\Desktop\OTL.Txt 2013-06-19 13:26 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-19 13:26 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-19 13:22 - 2011-07-26 04:16 - 01832346 ____A C:\Windows\WindowsUpdate.log 2013-06-19 13:21 - 2013-04-26 19:15 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job 2013-06-19 13:18 - 2013-04-26 19:15 - 00000330 ____A C:\Windows\Tasks\spmonitor.job 2013-06-19 13:18 - 2010-11-20 23:48 - 00340496 ____A C:\Windows\PFRO.log 2013-06-19 13:18 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-19 13:18 - 2009-07-14 06:39 - 00073934 ____A C:\Windows\setupact.log 2013-06-19 13:17 - 2011-07-25 13:39 - 00000000 ____D C:\Windows\ru 2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe 2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe 2013-06-19 13:11 - 2013-06-19 13:10 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log 2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable 2013-06-19 13:10 - 2011-11-26 13:24 - 00000000 ____D C:\users\MacDevet 2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe 2013-06-19 12:48 - 2013-06-19 12:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 12:47 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-18 18:12 - 2011-11-28 10:22 
- 00000000 ____D C:\Program Files\1&1 Surf-Stick 2013-06-18 18:12 - 2011-07-25 12:41 - 00000000 ____D C:\ProgramData\WinClon 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-06-18 17:51 - 2013-06-18 17:51 - 00003416 ____N C:\bootsqm.dat 2013-06-13 03:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-13 03:02 - 2011-11-28 22:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 14:05 - 2013-04-20 14:56 - 00000000 ____D C:\hbbk 2013-06-09 10:09 - 2013-04-26 19:08 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\BabSolution 2013-06-08 13:42 - 2013-06-13 03:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-13 03:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-07 08:29 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-03 22:59 - 2012-05-24 22:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-06-03 17:27 - 2013-01-19 21:13 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-30 12:12 - 2009-07-14 06:33 - 00287832 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 12:11 - 2013-04-26 19:09 - 00000000 ____D C:\Program Files\Common Files\Umbrella 2013-05-30 12:09 - 2009-07-14 04:37 - 
00000000 ____D C:\Windows\System32\it-IT 2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR 2013-05-30 12:02 - 2013-05-30 11:38 - 00000000 ___HD C:\Program Files\Zero G Registry 2013-05-30 11:45 - 2013-05-25 07:12 - 00015155 ____A C:\Windows\IE10_main.log 2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A 
(Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A 
C:\Users\MacDevet\persistent_state 2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry 2013-05-30 11:34 - 2013-05-30 11:32 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR 2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A 
(Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 00:04 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013 Ran by MacDevet at 2013-06-19 15:08:31 Run: Running from C:\Users\MacDevet\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ???? ??? Windows Live (Version: 15.4.3502.0922) ???? Windows Live (Version: 15.4.3502.0922) ?????? ??????? ?? Windows Live (Version: 15.4.3502.0922) ???????? ?????????? Windows Live (Version: 15.4.3502.0922) ?????????? Windows Live (Version: 15.4.3502.0922) ??????????? ?? Windows Live (Version: 15.4.3502.0922) „Windows Live Essentials“ (Version: 15.4.3502.0922) „Windows Live Mail“ (Version: 15.4.3502.0922) „Windows Live Messenger“ (Version: 15.4.3502.0922) „Windows Live“ fotogalerija (Version: 15.4.3502.0922) 1&1 Surf-Stick (Version: 1.0.0.2) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.4.402.287) Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4) Advanced MP3/WMA Recorder Alice Greenfingers Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Atheros Client Installation Program (Version: 9.0) Audacity 1.3.13 (Unicode) Avira Free Antivirus (Version: 12.1.9.1236) BatteryLifeExtender (Version: 1.0.11) Bonjour (Version: 3.0.0.10) Broadcom 802.11 Network Adapter (Version: 5.60.48.55) ChargeableUSB (Version: 1.0.0.0) CyberLink YouCam (Version: 2.0.3911) D3DX10 (Version: 15.4.2368.0902) Deflectex (Version: 1.0.0.0) Delta Chrome Toolbar Delta toolbar (Version: 1.8.16.16) Easy Content Share (Version: 1.0) Easy Display Manager (Version: 3.2) Easy Network Manager (Version: 4.4.7) Easy Resolution Manager (Version: 1.1.0) Easy SpeedUp Manager (Version: 2.1.1.1) EasyBatteryManager (Version: 4.0.0.4) EasyFileShare (Version: 1.0.11) ETDWare PS/2-X86 8.0.7.2_WHQL (Version: 8.0.7.2) Fast Booting SW (Version: 1.8.0.0) Fotogalerija Windows Live 
(Version: 15.4.3502.0922) Free M4a to MP3 Converter 7.1 Free YouTube to MP3 Converter version 3.11.30.903 (Version: 3.11.30.903) Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922) Galería fotográfica de Windows Live (Version: 15.4.3502.0922) Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922) Galerie de photos Windows Live (Version: 15.4.3502.0922) Galerie foto Windows Live (Version: 15.4.3502.0922) GanttProject GIMP 2.6.12 (Version: 2.6.12) Hercules DJ Products Series drivers (Version: 6.HDJS.2012) HP Deskjet 3520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0) HP Deskjet 3520 series Hilfe (Version: 27.0.0) HP Deskjet 3520 series Setup Guide (Version: 27.0.0) HP Photo Creations (Version: 1.0.0.7702) HP Update (Version: 5.003.003.001) HPDiagnosticAlert (Version: 1.00.0000) Iminent (Version: 6.17.41.0) Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117) Intel(R) Rapid Storage Technology (Version: 10.1.0.1008) iTunes (Version: 11.0.2.26) Java 7 Update 17 (Version: 7.0.170) Java Auto Updater (Version: 2.1.9.0) JavaFX 2.1.1 (Version: 2.1.1) Junk Mail filter update (Version: 15.4.3502.0922) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Marvell Miniport Driver (Version: 11.29.1.3) McAfee Security Scan Plus (Version: 3.0.318.3) Mesh Runtime (Version: 15.4.5722.2) MF Shutdown Manager 2.1.0 (Version: 2.1.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Silverlight (Version: 4.1.10329.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (Version: 10.0.40219) MixiDJ Toolbar (Version: 1.8.4.1) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Mozilla Thunderbird 11.0.1 (x86 de) (Version: 11.0.1) MSVCRT (Version: 15.4.2862.0708) Native Instruments Controller Editor Native Instruments Controller Editor (Version: 1.3.4.630) Native Instruments Service Center Native Instruments Service Center (Version: 2.2.5.596) Native Instruments Traktor 2 Native Instruments Traktor 2 (Version: 2.0.1.10169) No23 Recorder (Version: 2.1.0.3) OpenOffice.org 3.3 (Version: 3.3.9567) Optimizer Pro v3.0 (Version: 3.0) PhotoScape Poczta uslugi Windows Live (Version: 15.4.3502.0922) Podstawowe programy Windows Live (Version: 15.4.3502.0922) Pošta Windows Live (Version: 15.4.3502.0922) Raccolta foto di Windows Live (Version: 15.4.3502.0922) Realtek High Definition Audio Driver (Version: 6.0.1.6400) REALTEK PCIE Wireless LAN Software (Version: 0136.10.0325) S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922) Samsung Recovery Solution 4 (Version: 4.0.0.6) Samsung Support Center (Version: 1.1.24) Samsung Update Plus (Version: 2.0) Skype Click to Call (Version: 5.9.9216) Skype™ 5.10 (Version: 5.10.116) SpeedUpMyPC (Version: 5.3.4.5) StarterBackgroundChanger (Version: 0.8.0.0) STRATO HiDrive (remove only) TeamSpeak 3 Client User Guide (Version: 1.3) VirtualDJ Home FREE (Version: 7.3) VirtualDJ LE (DJ4Set) (Version: 7.0.5) VLC media player 2.0.2 (Version: 2.0.2) WAV To MP3 V2 WIDCOMM Bluetooth Software (Version: 6.3.0.6200) Windows Live ?? (Version: 15.4.3502.0922) Windows Live ?? ??? (Version: 15.4.3502.0922) Windows Live ??? (Version: 15.4.3502.0922) Windows Live ??? (Version: 15.4.3508.1109) Windows Live ???? 
(Version: 15.4.3502.0922) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live fotoattelu galerija (Version: 15.4.3502.0922) Windows Live Fotogaléria (Version: 15.4.3502.0922) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live Foto-galerija (Version: 15.4.3502.0922) Windows Live Fotogalleri (Version: 15.4.3502.0922) Windows Live Fotograf Galerisi (Version: 15.4.3502.0922) Windows Live Fotótár (Version: 15.4.3502.0922) Windows Live Galeria de Fotos (Version: 15.4.3502.0922) Windows Live Galerija fotografija (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Pošta (Version: 15.4.3502.0922) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live Temel Parçalar (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Liven asennustyökalu (Version: 15.4.3502.0922) Windows Liven sähköposti (Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (Version: 15.4.3502.0922) ==================== Restore Points ========================= 
02-06-2013 17:00:37 Windows-Sicherung 05-06-2013 21:35:50 Windows Update 09-06-2013 08:10:35 Windows Update 09-06-2013 17:00:39 Windows-Sicherung 13-06-2013 01:00:20 Windows Update 16-06-2013 17:55:18 Windows-Sicherung 19-06-2013 10:49:50 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {0C8A775D-3AE3-48FB-B9A5-CA1EE52A2348} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {0D64B43B-1A5A-4BB3-A3BA-2F4C1394647E} - System32\Tasks\SpeedUpMyPC => C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe [2013-01-08] (Uniblue Systems Ltd) Task: {14C3DDE0-D665-42C7-855A-BB436F7EA8A3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {21999BFF-6B17-4C02-9CA5-01EED812EE39} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) 
Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics) Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe No File Task: {4D9DB629-9B67-4EAD-83D8-19BDAF3F1A89} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.) Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {748E5CA0-91B9-40B1-9127-C5CC09C9E964} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe No File Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.) Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) 
Task: {C7BF5F5C-9F99-4622-9629-FE2A16969A2C} - System32\Tasks\spmonitor => C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-08] (Uniblue Systems Ltd) Task: {D239326B-C51F-46BE-8387-4E7F37E345CD} - System32\Tasks\EPUpdater => C:\Users\MacDevet\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2013 01:47:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012288 ID des fehlerhaften Prozesses: 0x136c Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (06/19/2013 01:20:11 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 01:18:24 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 Error: (06/19/2013 00:43:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:41:18 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error: (06/18/2013 06:13:35 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error: (06/18/2013 06:10:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 06:02:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 05:55:54 PM) (Source: Iminent) (User: ) Description: Unexpected exception. System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner) bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner) bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) bei System.Delegate.DynamicInvokeImpl(Object[] args) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (06/18/2013 05:55:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/19/2013 01:18:32 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (06/19/2013 01:18:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error: (06/19/2013 00:41:23 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (06/19/2013 00:41:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. 
Error: (06/18/2013 06:13:39 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (06/18/2013 06:13:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error: (06/18/2013 06:09:38 PM) (Source: DCOM) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb avkmgr cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SABI spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (06/19/2013 01:47:30 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c000000500012288136c01ce6ce253d3292bC:\Users\MacDevet\Downloads\gmer_2.1.19163.exeC:\Users\MacDevet\Downloads\gmer_2.1.19163.exe05490d43-d8d6-11e2-80d2-e81132d25d27 Error: (06/19/2013 01:20:11 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 01:18:24 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x35 Error: (06/19/2013 00:43:17 PM) (Source: 
WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:41:18 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x35 Error: (06/18/2013 06:13:35 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x35 Error: (06/18/2013 06:10:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 06:02:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 05:55:54 PM) (Source: Iminent)(User: ) Description: Unexpected exception. System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner) bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner) bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) bei System.Delegate.DynamicInvokeImpl(Object[] args) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (06/18/2013 05:55:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 84% Total physical RAM: 1013.3 MB Available physical RAM: 157.11 MB Total Pagefile: 2075.57 MB Available Pagefile: 924.58 MB Total Virtual: 2047.88 MB Available Virtual: 1900.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:27.65 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:19.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: CD3D43EB) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - 
(Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== End Of Log ============================ Devet |
19.06.2013, 14:38 | #4 | |
/// the machine /// TB Trainer | GVU Trojan; further steps after System Restore Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
19.06.2013, 15:17 | #5 |
| GVU Trojan; further steps after System Restore Here is the current file. Code:
ATTFilter ComboFix 13-06-18.02 - MacDevet 19.06.2013 15:52:40.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1013.25 [GMT 2:00] ausgeführt von:: c:\users\MacDevet\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Windows Live\Messenger\msacm32.dll c:\programdata\FullRemove.exe c:\users\MacDevet\AppData\Local\lame_enc.dll c:\users\MacDevet\AppData\Local\no23xwrapper.dll c:\users\MacDevet\AppData\Local\ogg.dll c:\users\MacDevet\AppData\Local\vorbis.dll c:\users\MacDevet\AppData\Local\vorbisenc.dll c:\users\MacDevet\AppData\Local\vorbisfile.dll c:\users\MacDevet\AppData\Roaming\BabMaint.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-19 bis 2013-06-19 )))))))))))))))))))))))))))))) . . 2013-06-19 14:09 . 2013-06-19 14:10 -------- d-----w- c:\users\MacDevet\AppData\Local\temp 2013-06-19 14:09 . 2013-06-19 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-19 13:06 . 2013-06-19 13:06 -------- d-----w- C:\FRST 2013-06-19 10:54 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6F5878C-F306-4CA9-BE10-0E5B654B1E35}\mpengine.dll 2013-06-19 10:47 . 2013-06-19 10:47 -------- d-----w- c:\users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 10:46 . 2013-06-19 10:46 -------- d-----w- c:\programdata\Malwarebytes 2013-06-19 10:46 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-19 10:46 . 2013-06-19 10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-19 10:46 . 2013-06-19 10:46 -------- d-----w- c:\users\MacDevet\AppData\Local\Programs 2013-06-13 01:09 . 
2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 01:09 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-12 17:39 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 17:39 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 17:39 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 17:39 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 17:39 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 17:39 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 17:39 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 17:39 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 17:37 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-03 15:27 . 2013-06-03 15:27 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-30 09:50 . 2013-05-30 09:50 -------- d-----w- c:\program files\Explorationen 2013-05-30 09:38 . 2013-05-30 10:02 -------- d--h--w- c:\program files\Zero G Registry 2013-05-30 09:34 . 2013-05-30 09:34 -------- d-----w- c:\users\MacDevet\Zero G Registry . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-18 09:02 . 2012-05-17 08:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-18 09:02 . 2011-11-26 12:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-18 08:56 . 2010-06-24 02:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2011-11-26 12:03 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-12 13:45 . 2013-04-23 19:47 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 
2013-05-17 15:33 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 05:18 . 2013-05-17 15:33 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:14 . 2013-05-17 15:33 2347520 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784] "ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264] "UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2012-11-26 2701720] "Iminent"="c:\program files\Iminent\Iminent.exe" [2013-04-25 1074736] "IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2013-04-25 884784] . 
c:\users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN26F1G47005SY;CONNECTION=NW;MONITOR=1; [2009-7-14 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 297000] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2012-10-30 200560] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2012-10-30 259440] R3 HDJMidi;Hercules DJ 4Set MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2012-10-30 237936] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 9216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224] S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [2012-09-06 16896] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-03-09 3857408] S2 SProtection;SProtection;c:\program files\Common Files\Umbrella\umbrella.exe [2013-05-28 2839592] S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-11-14 32768] S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - UXDOQKOB *Deregistered* - uxdoqkob . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2013-06-19 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC\sump.exe [2013-04-26 09:27] . 
2013-06-19 c:\windows\Tasks\spmonitor.job - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-04-26 09:27] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4 uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\ FF - ExtSQL: 2013-04-26 19:08; ffxtlbr@delta.com; c:\users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com FF - ExtSQL: 2013-04-26 19:10; webbooster@iminent.com; c:\program files\Iminent\webbooster@iminent.com FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=28337f2b00000000000000ff12bd7de4&q= FF - user.js: extensions.BabylonToolbar.id - 28337f2b00000000000000ff12bd7de4 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15744 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10 FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1017:03 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - uninst FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: 
extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120307 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar.rvrt - false FF - user.js: extensions.BabylonToolbar.newTab - false FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 28337f2b00000000000000ff12bd7de4 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15821 FF - user.js: extensions.delta.vrsn - 1.8.16.16 FF - user.js: extensions.delta.vrsni - 1.8.16.16 FF - user.js: extensions.delta.vrsnTs - 1.8.16.1619:08 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.mixidj.tlbrSrchUrl - FF - user.js: extensions.mixidj.id - 28337f2b00000000000000ff12bd7de4 FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916} FF - user.js: extensions.mixidj.instlDay - 15821 FF - user.js: extensions.mixidj.vrsn - 1.8.4.1 FF - user.js: extensions.mixidj.vrsni - 1.8.4.1 FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.119:14 FF - user.js: extensions.mixidj.prtnrId - mixidj FF - user.js: extensions.mixidj.prdct - mixidj FF - user.js: 
extensions.mixidj.aflt - babsst FF - user.js: extensions.mixidj_i.smplGrp - none FF - user.js: extensions.mixidj.tlbrId - base FF - user.js: extensions.mixidj.instlRef - sst FF - user.js: extensions.mixidj.dfltLng - en FF - user.js: extensions.mixidj_i.excTlbr - false FF - user.js: extensions.mixidj.excTlbr - false FF - user.js: extensions.mixidj.admin - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-19 16:15:32 ComboFix-quarantined-files.txt 2013-06-19 14:15 . Vor Suchlauf: 16 Verzeichnis(se), 32.391.610.368 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 33.997.242.368 Bytes frei . - - End Of File - - 8B66152663615648BAFE63FA60C45B6A 2E5DEBB2116B3417023E0D6562D7ED07 Devet |
19.06.2013, 15:48 | #6 |
/// the machine /// TB Trainer | GVU Trojan; further steps after System Restore Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ --> GVU Trojan; further steps after System Restore |
19.06.2013, 16:16 | #7 |
| GVU Trojan; further steps after System Restore Here are the current files. AdwCleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 16:56:10 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : MacDevet - MACDEVET-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\MacDevet\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : SProtection ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\BrowserProtect.xml Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\delta.xml Datei Gelöscht : C:\windows\Tasks\SpeedUpMyPC.job Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Common Files\Umbrella Ordner Gelöscht : C:\Program Files\Delta Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller Ordner Gelöscht : C:\Program Files\Iminent Ordner Gelöscht : C:\Program Files\mixidj Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Iminent Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Iminent Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com Ordner Gelöscht : 
C:\Users\MacDevet\AppData\Roaming\Optimizer Pro Ordner Gelöscht : C:\windows\Installer\{7F1E694F-1880-4D5F-BD27-A0D0A5379864} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\59edddab36aee13 Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKCU\Software\mixidj Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\59edddab36aee13 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Schlüssel Gelöscht 
:
HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\F496E1F70881F5D4DB720A0D5A738946 Schlüssel 
Gelöscht : HKLM\Software\Classes\Installer\Products\F496E1F70881F5D4DB720A0D5A738946 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\DomaIQ Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F496E1F70881F5D4DB720A0D5A738946 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F1E694F-1880-4D5F-BD27-A0D0A5379864} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mixidj Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\Software\mixidj Schlüssel Gelöscht : HKLM\Software\Umbrella Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4 --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : 
C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\prefs.js

C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=120307&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "28337f2b00000000000000ff12bd7de4");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15744");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1017:03:33");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=120307");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://mixidj.claro-search.com/?affID=121139&bab[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "28337f2b00000000000000ff12bd7de4");
Gelöscht : user_pref("extensions.delta.instlDay", "15821");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:08:15");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");

*************************

AdwCleaner[S1].txt - [41185 octets] - [19/06/2013 16:56:10]

########## EOF - C:\AdwCleaner[S1].txt - [41246 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
Ran by MacDevet on 19.06.2013 at 17:02:48,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\invalidprefs.js
Emptied folder: C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\minidumps [49 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 17:08:42,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by MacDevet (administrator) on 19-06-2013 17:10:18
Running from C:\Users\MacDevet\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\windows\system32\igfxext.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] () HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®) HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. 
KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG) R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH) R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH) S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.) S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider) R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project) S3 catchme; \??\C:\Users\MacDevet\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-19 17:08 - 2013-06-19 17:09 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt 2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT 2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT 2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt 2013-06-19 16:59 - 2013-06-19 17:00 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job 2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt 2013-06-19 16:53 - 2013-06-19 16:54 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe 2013-06-19 16:52 - 2013-06-19 16:53 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe 2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt 2013-06-19 15:48 - 2013-06-19 16:15 - 00000000 ____D C:\Qoobox 2013-06-19 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-19 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-19 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-19 15:47 - 2013-06-19 16:12 - 00000000 ____D C:\Windows\erdnt 2013-06-19 15:45 - 2013-06-19 15:46 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe 2013-06-19 15:08 - 2013-06-19 15:09 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt 2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST 2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe 2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log 2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log 2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt 2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt 2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe 2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe 2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log 2013-06-19 13:10 - 
2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable 2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe 2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 
2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 19:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 19:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 19:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 19:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 19:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 19:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 19:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 19:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 19:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-05-30 11:38 - 2013-05-30 12:02 - 00000000 ___HD C:\Program Files\Zero G Registry 2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 11:35 - 
2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 
____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state 2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry 2013-05-30 11:32 - 2013-05-30 11:34 - 10211989 ____A (Zero G Software, Inc.) 
C:\Users\MacDevet\Downloads\Deflectex.exe 2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft 
Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-25 07:12 - 2013-05-30 11:45 - 00015155 ____A C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======== 2013-06-19 17:09 - 2013-06-19 17:08 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt 2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT 2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT 2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A 
C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt 2013-06-19 17:00 - 2013-06-19 16:59 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job 2013-06-19 16:59 - 2013-04-26 19:15 - 00000330 ____A C:\Windows\Tasks\spmonitor.job 2013-06-19 16:58 - 2010-11-20 23:48 - 00341048 ____A C:\Windows\PFRO.log 2013-06-19 16:58 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-19 16:58 - 2009-07-14 06:39 - 00073990 ____A C:\Windows\setupact.log 2013-06-19 16:57 - 2011-07-26 04:16 - 01843684 ____A C:\Windows\WindowsUpdate.log 2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt 2013-06-19 16:54 - 2013-06-19 16:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe 2013-06-19 16:53 - 2013-06-19 16:52 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe 2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt 2013-06-19 16:15 - 2013-06-19 15:48 - 00000000 ____D C:\Qoobox 2013-06-19 16:15 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-06-19 16:12 - 2013-06-19 15:47 - 00000000 ____D C:\Windows\erdnt 2013-06-19 16:10 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini 2013-06-19 15:46 - 2013-06-19 15:45 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe 2013-06-19 15:09 - 2013-06-19 15:08 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt 2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST 2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe 2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log 2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log 2013-06-19 13:48 - 2012-06-24 18:28 - 00000000 ____D C:\Users\MacDevet\AppData\Local\CrashDumps 2013-06-19 13:42 - 2013-06-19 13:41 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt 2013-06-19 13:41 - 2013-06-19 13:37 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt 2013-06-19 13:17 - 2011-07-25 13:39 - 00000000 
____D C:\Windows\ru 2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe 2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe 2013-06-19 13:11 - 2013-06-19 13:10 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log 2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable 2013-06-19 13:10 - 2011-11-26 13:24 - 00000000 ____D C:\users\MacDevet 2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe 2013-06-19 12:48 - 2013-06-19 12:44 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 12:47 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-18 18:12 - 2011-11-28 10:22 - 00000000 ____D C:\Program Files\1&1 Surf-Stick 2013-06-18 18:12 - 2011-07-25 12:41 - 00000000 ____D C:\ProgramData\WinClon 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-06-13 03:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-13 03:02 - 2011-11-28 22:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 14:05 - 2013-04-20 14:56 - 00000000 ____D C:\hbbk 2013-06-08 13:42 - 2013-06-13 03:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 14327808 ____A (Microsoft 
Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-13 03:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-13 03:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-07 08:29 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-03 22:59 - 2012-05-24 22:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-06-03 17:27 - 2013-01-19 21:13 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-05-30 12:12 - 2009-07-14 06:33 - 00287832 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\it-IT 2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR 2013-05-30 12:02 - 2013-05-30 11:38 - 00000000 ___HD C:\Program Files\Zero G Registry 2013-05-30 11:45 - 2013-05-25 07:12 - 00015155 ____A C:\Windows\IE10_main.log 2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A 
(Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) 
C:\Windows\System32\tdc.ocx 2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state 2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry 2013-05-30 11:34 - 2013-05-30 11:32 - 10211989 ____A (Zero G Software, Inc.) 
C:\Users\MacDevet\Downloads\Deflectex.exe 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI 2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR 2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-25 07:24 - 2013-05-25 
07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-25 
07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 00:04
==================== End Of Log ============================
Regards, Devet
19.06.2013, 18:49 | #8 |
/// the machine /// TB trainer | GVU Trojan; further steps after System Restore
Great, now a control scan: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.06.2013, 18:55 | #9 |
| GVU Trojan; further steps after System Restore
The online check took a little longer, sorry. Here is the log file. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5eea4a1a04c2d443b247748be4673ea6
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 06:30:18
# local_time=2013-06-20 08:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 54249 237129508 46981 0
# compatibility_mode=5893 16776573 100 94 70554 123341009 0 0
# scanned=114835
# found=2
# cleaned=0
# scan_time=44189
sh=69CA38487338FE83C215275F62452D56D132FFFD ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\MacDevet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF8MCDTD\ad1_bobiporn_xxx[1].htm"
sh=432A293ECD742A1E4184C1B631F4B2576F26B26F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MACDEVET-PC\Backup Set 2013-04-22 195614\Backup Files 2013-05-28 144913\Backup files 1.zip"
But I'm not sure whether it is supposed to be like that. ;-) Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013 Ran by MacDevet (administrator) on 20-06-2013 19:50:52 Running from C:\Users\MacDevet\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe () C:\Program Files\1&1 Surf-Stick\AssistantServices.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files\1&1 Surf-Stick\UIExec.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] () HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®) HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG) R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH) R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH) S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) 
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.) S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider) R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project) S3 catchme; \??\C:\Users\MacDevet\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-20 19:48 - 2013-06-20 19:48 - 00890839 ____A C:\Users\MacDevet\Desktop\SecurityCheck.exe 2013-06-19 20:07 - 2013-06-19 20:08 - 02347384 ____A (ESET) C:\Users\MacDevet\Desktop\esetsmartinstaller_enu.exe 2013-06-19 17:08 - 2013-06-19 17:09 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt 2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT 2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT 2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt 2013-06-19 16:59 - 2013-06-19 17:00 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job 2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt 2013-06-19 16:53 - 2013-06-19 16:54 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe 2013-06-19 16:52 - 2013-06-19 16:53 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe 2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt 2013-06-19 15:48 - 2013-06-19 16:15 - 00000000 ____D C:\Qoobox 2013-06-19 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-19 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-19 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-19 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-19 15:47 - 2013-06-19 16:12 - 00000000 ____D C:\Windows\erdnt 2013-06-19 15:45 - 2013-06-19 15:46 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe 2013-06-19 15:08 - 2013-06-19 15:09 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt 2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST 2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe 2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log 2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log 2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt 2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt 2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe 2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe 2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log 2013-06-19 13:10 - 
2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable 2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe 2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes 2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 
==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 00:04 ==================== End Of Log ============================ Regards, Devet |
21.06.2013, 07:33 | #10 |
/// the machine /// TB Instructor | GVU Trojan; further steps after system restore Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.06.2013, 17:53 | #11 |
| GVU Trojan; further steps after system restore Right, after being away for a while I have now finally run TFC. Everything seems to have worked. Do you need any further scan as a check, or is the topic now settled? Regards, Devet |
24.06.2013, 18:46 | #12 |
/// the machine /// TB Instructor | GVU Trojan; further steps after system restore Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.06.2013, 18:52 | #13 |
| GVU Trojan; further steps after system restore Right, everything has been carried out, and I have also taken your tips to heart and applied them. Everything has worked so far. Thanks again very much for the great help. Regards, Devet |
26.06.2013, 19:43 | #14 |
/// the machine /// TB Instructor | GVU Trojan; further steps after system restore You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |