Google-Links führen zu falschen Seiten

benzenopi · 17.07.2013, 00:28

Hallo zusammen,

ich habe seit heute das Problem, dass mich Google-Links auf falsche Seiten (Werbung, Spam, Erotik etc.) führen. Nach kurzer Suche habe ich dieses Forum gefunden und hoffe, dass ihr mir weiterhelfen könnt!

Was ich bis jetzt unternommen habe:

1. Download von adwcleaner und Durchführen der Operation "Löschen". Problem besteht leider weiterhin.

2. Download von otl.exe und scan. Die beiden Logfiles befinden sich im Anhang.

Ich bedanke mich schon mal im Voraus für die Hilfe.

Viele Grüße
Alex

cosinus · 17.07.2013, 01:07

Hallo und

Zitat:

1. Download von adwcleaner und Durchführen der Operation "Löschen". Problem besteht leider weiterhin.

Log dazu bitte nachreichen. Alles grundsätzlich in CODE-Tags posten, siehe unten. Nur wenn Logs zu groß gezippt in den Anhang.

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

benzenopi · 17.07.2013, 08:10

Hallo,

hier die Log-Datei der Löschoperation mit adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.305 - Datei am 17/07/2013 um 00:48:02 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Alexander - ALEXANDER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Alexander\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1822 octets] - [17/07/2013 00:46:59]
AdwCleaner[S1].txt - [1755 octets] - [17/07/2013 00:48:02]

########## EOF - C:\AdwCleaner[S1].txt - [1815 octets] ##########

Ich bin Student und habe meine Windows-Version über MSDNAA heruntergeladen. Da gab es - soweit ich weiß - damals nur die Professional-Version. Brauchen tue ich sie wahrscheinlich nicht, es ist aber definitiv mein privater Rechner.

Weitere LOG-Files habe ich nicht. Mein normaler Virenschutz (AVIRA) hat keinerlei Fund gemeldet oder Ähnliches.

Viele Grüße
Alex

cosinus · 17.07.2013, 14:24

Zitat:

C:\Users\Alexander\AppData\Roaming\shimengj.dll

Diese Datei bitte bei uns mal hochladen => http://www.trojaner-board.de/54791-a...tml#post349565

Anschließend bitte ein Log mit FRST machen: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

benzenopi · 17.07.2013, 14:51

Also das Erstellungsdatum der von dir genannten Datei würde perfekt zu dem Zeitpunkt passen, ab dem das Problem vorhanden war. Habe die Datei auf den Upload-Channel hochgeladen.

Nachfolgend die Ergebnisse des Scans mit FRST:

FRST.exe:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Alexander (administrator) on 17-07-2013 15:43:18
Running from C:\Users\Alexander\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Windows\OEM04Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1211688 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [DILUTWPAXQ] - C:\Users\Alexander\AppData\Roaming\shimengj.dll [385024 2013-07-16] ()
MountPoints2: {0b2f5954-b7a6-11e1-ad0c-0023ae2ba1e8} - F:\Startme.exe
MountPoints2: {161bb213-b32c-11de-8b1a-0023ae2ba1e8} - F:\autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OEM04Mon.exe] - C:\Windows\OEM04Mon.exe [36864 2007-06-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {119C2F55-DB3F-4D61-823F-B50C881FA650} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://asa1.rus.uni-stuttgart.de/CACHE/stc/10/binaries/vpnweb.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1294682106112
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetingsln.webex.com/client/WBXclient-T28L10NSP9-15980/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [206112 2008-07-23] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] ()
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-11] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 HP LaserJet Service; "C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 OEM04Vfx; C:\Windows\System32\DRIVERS\OEM04Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM04Vid; C:\Windows\System32\DRIVERS\OEM04Vid.sys [265792 2007-10-10] (Creative Technology Ltd.)
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 15:43 - 2013-07-17 15:43 - 00000000 ____D C:\FRST
2013-07-17 15:42 - 2013-07-17 15:42 - 01778209 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2013-07-17 09:07 - 2013-07-17 09:07 - 00001013 _____ C:\AdwCleaner[R3].txt
2013-07-17 09:05 - 2013-07-17 09:05 - 00000954 _____ C:\AdwCleaner[R2].txt
2013-07-17 01:19 - 2013-07-17 01:19 - 00088068 _____ C:\Users\Alexander\Desktop\Extras.Txt
2013-07-17 01:17 - 2013-07-17 01:17 - 00075510 _____ C:\Users\Alexander\Desktop\OTL.Txt
2013-07-17 01:00 - 2013-07-17 01:00 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Desktop\OTL.exe
2013-07-17 00:48 - 2013-07-17 00:48 - 00001884 _____ C:\AdwCleaner[S1].txt
2013-07-17 00:46 - 2013-07-17 00:47 - 00001822 _____ C:\AdwCleaner[R1].txt
2013-07-17 00:46 - 2013-07-17 00:46 - 00662345 _____ C:\Users\Alexander\Desktop\adwcleaner.exe
2013-07-16 11:14 - 2013-07-16 11:14 - 00385024 __RSH C:\Users\Alexander\AppData\Roaming\shimengj.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 18:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 18:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 18:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 18:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 18:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 14:31 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 14:31 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 14:31 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 14:31 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 14:31 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 14:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 14:31 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 14:03 - 2013-07-11 14:03 - 11239973 _____ C:\Users\Alexander\Downloads\vid040-4-large-preview.wmv
2013-07-09 19:08 - 2013-07-09 19:08 - 00013965 ____N C:\Users\Alexander\Desktop\Checkliste Projekte.xlsx
2013-07-05 09:02 - 2013-07-05 09:02 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-07-05 09:01 - 2013-07-05 09:02 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Alexander\Downloads\pdf24-creator-5.6.0.exe
2013-07-04 20:12 - 2013-07-04 20:14 - 73566512 _____ (ChessBase GmbH) C:\Users\Alexander\Downloads\PlayChessV7Setup.exe
2013-07-03 17:16 - 2013-07-03 20:43 - 01053133 _____ C:\Users\Alexander\Desktop\Produktportfolio_3.pptx
2013-07-01 10:29 - 2013-07-01 10:29 - 00000000 ____D C:\Users\Alexander\.pdfsam
2013-07-01 10:03 - 2013-07-01 10:03 - 00000000 ____D C:\Program Files\PDF Split And Merge Basic
2013-07-01 09:53 - 2013-07-01 09:53 - 00000000 ____D C:\Users\Alexander\Downloads\pdfsam-v2_2_2
2013-07-01 09:48 - 2013-07-01 09:49 - 37108698 _____ C:\Users\Alexander\Downloads\pdfsam-v2_2_2.zip
2013-06-25 13:07 - 2013-06-25 13:06 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 13:06 - 2013-06-25 13:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 14:09 - 2013-06-19 14:09 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\Alexander\Downloads\JPEGtoPDF37.exe

==================== One Month Modified Files and Folders =======

2013-07-17 15:43 - 2013-07-17 15:43 - 00000000 ____D C:\FRST
2013-07-17 15:42 - 2013-07-17 15:42 - 01778209 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2013-07-17 15:37 - 2012-09-13 01:05 - 00000000 ____D C:\Users\Alexander\Documents\Outlook-Dateien
2013-07-17 15:32 - 2009-07-14 06:45 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 15:32 - 2009-07-14 06:45 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 15:25 - 2012-01-17 01:16 - 00000000 ___RD C:\Users\Alexander\Dropbox
2013-07-17 15:25 - 2012-01-17 01:14 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2013-07-17 15:24 - 2009-10-07 12:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-17 15:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 15:24 - 2009-07-14 06:51 - 00209715 _____ C:\Windows\setupact.log
2013-07-17 10:26 - 2009-10-06 20:50 - 01616534 _____ C:\Windows\WindowsUpdate.log
2013-07-17 10:20 - 2012-04-11 18:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 09:07 - 2013-07-17 09:07 - 00001013 _____ C:\AdwCleaner[R3].txt
2013-07-17 09:05 - 2013-07-17 09:05 - 00000954 _____ C:\AdwCleaner[R2].txt
2013-07-17 01:19 - 2013-07-17 01:19 - 00088068 _____ C:\Users\Alexander\Desktop\Extras.Txt
2013-07-17 01:17 - 2013-07-17 01:17 - 00075510 _____ C:\Users\Alexander\Desktop\OTL.Txt
2013-07-17 01:00 - 2013-07-17 01:00 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Desktop\OTL.exe
2013-07-17 00:48 - 2013-07-17 00:48 - 00001884 _____ C:\AdwCleaner[S1].txt
2013-07-17 00:47 - 2013-07-17 00:46 - 00001822 _____ C:\AdwCleaner[R1].txt
2013-07-17 00:46 - 2013-07-17 00:46 - 00662345 _____ C:\Users\Alexander\Desktop\adwcleaner.exe
2013-07-16 23:38 - 2010-09-13 20:41 - 00000000 ____D C:\Users\Alexander\Documents\ChessBase
2013-07-16 11:14 - 2013-07-16 11:14 - 00385024 __RSH C:\Users\Alexander\AppData\Roaming\shimengj.dll
2013-07-16 11:07 - 2012-04-11 18:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 11:07 - 2012-04-11 18:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-16 11:07 - 2011-05-17 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 11:07 - 2009-10-09 10:38 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Adobe
2013-07-15 21:43 - 2012-07-09 18:40 - 00000000 ____D C:\Users\Alexander\Documents\Pro Cycling Manager 2012
2013-07-15 20:28 - 2012-07-09 18:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Pro Cycling Manager 2012
2013-07-13 23:52 - 2010-09-13 20:12 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\ChessBase
2013-07-11 18:17 - 2009-07-14 06:45 - 00546360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 18:15 - 2013-03-13 17:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 18:15 - 2013-03-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 18:15 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 18:14 - 2009-10-11 21:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 18:11 - 2009-07-14 19:58 - 00697082 _____ C:\Windows\system32\perfh007.dat
2013-07-11 18:11 - 2009-07-14 19:58 - 00148346 _____ C:\Windows\system32\perfc007.dat
2013-07-11 18:11 - 2009-07-14 07:13 - 01635332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 18:05 - 2009-10-09 18:48 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:03 - 2013-07-11 14:03 - 11239973 _____ C:\Users\Alexander\Downloads\vid040-4-large-preview.wmv
2013-07-09 19:08 - 2013-07-09 19:08 - 00013965 ____N C:\Users\Alexander\Desktop\Checkliste Projekte.xlsx
2013-07-07 11:19 - 2012-11-09 01:38 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-05 09:29 - 2012-01-14 15:34 - 00000000 ____D C:\Users\Alexander\Documents\Bewerbung
2013-07-05 09:02 - 2013-07-05 09:02 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-07-05 09:02 - 2013-07-05 09:01 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Alexander\Downloads\pdf24-creator-5.6.0.exe
2013-07-04 20:16 - 2010-09-13 20:41 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\ChessBase
2013-07-04 20:16 - 2009-10-07 12:12 - 00144840 _____ C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 20:15 - 2010-09-13 20:12 - 00000000 ____D C:\Program Files (x86)\ChessBase
2013-07-04 20:14 - 2013-07-04 20:12 - 73566512 _____ (ChessBase GmbH) C:\Users\Alexander\Downloads\PlayChessV7Setup.exe
2013-07-03 20:43 - 2013-07-03 17:16 - 01053133 _____ C:\Users\Alexander\Desktop\Produktportfolio_3.pptx
2013-07-01 10:29 - 2013-07-01 10:29 - 00000000 ____D C:\Users\Alexander\.pdfsam
2013-07-01 10:29 - 2009-10-06 20:56 - 00000000 ____D C:\Users\Alexander
2013-07-01 10:03 - 2013-07-01 10:03 - 00000000 ____D C:\Program Files\PDF Split And Merge Basic
2013-07-01 09:53 - 2013-07-01 09:53 - 00000000 ____D C:\Users\Alexander\Downloads\pdfsam-v2_2_2
2013-07-01 09:49 - 2013-07-01 09:48 - 37108698 _____ C:\Users\Alexander\Downloads\pdfsam-v2_2_2.zip
2013-06-28 16:30 - 2010-09-27 13:10 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2013-06-27 10:24 - 2013-05-07 12:13 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-25 13:06 - 2013-06-25 13:07 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 13:06 - 2013-06-25 13:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 13:06 - 2012-06-16 17:38 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-25 13:06 - 2011-06-17 13:09 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-19 14:09 - 2013-06-19 14:09 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\Alexander\Downloads\JPEGtoPDF37.exe
2013-06-18 18:43 - 2013-04-20 12:50 - 00014764 _____ C:\Users\Alexander\Documents\Inseratsaufrufe 118i.xlsx

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 13:28

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Alexander at 2013-07-17 15:47:17
Running from C:\Users\Alexander\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)
Advanced Audio FX Engine (x32)
Advanced Video FX Engine (x32)
Avira Free Antivirus (x32 Version: 13.0.0.3882)
Broadcom Management Programs (Version: 10.15.01)
Cisco WebEx Meetings (x32)
Citavi (x32 Version: 3.1.15.0)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)
Company of Heroes (x32 Version: 2.602.0)
Counter-Strike (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Resource CD (x32 Version: 1.00.0000)
Dell Touchpad (Version: 10.1.2.0)
Dell Webcam Center (x32)
Dell Webcam Manager (x32)
Doomsday (x32)
Dropbox (HKCU Version: 2.0.22)
eReg (x32 Version: 1.20.138.34)
Europa Universalis III (x32)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0)
FUSSBALL MANAGER 10 (x32 Version: 2.0.0.7)
Hearts of Iron III (x32)
Hearts of Iron III: For the Motherland Version 3.05 (x32 Version: 3.05)
Hitman - Codename 47 (x32)
Hitman Blood Money (x32 Version: 1.0)
Hitman: Contracts (x32)
Holdem Manager 2 (x32)
HP LaserJet Professional CP1020 Series (x32)
HP Update (x32 Version: 5.002.006.003)
hppLaserJetService (x32 Version: 002.015.00599)
ID HWMonitor 1.20
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 23 (64-bit) (Version: 6.0.230)
Laptop Integrated Webcam Driver (1.03.01.1011)  
LECTURNITY Player (x32 Version: 4.0.0000)
Live! Cam Avatar (x32 Version: 1.0)
Live! Cam Avatar Creator (x32 Version: 4.6.0817.1)
Logitech SetPoint 6.51 (Version: 6.51.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenVPN 2.1_rc19 (x32 Version: 2.1_rc19)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 8.2.4.465)
PANZERS - Phase1 (x32)
PDF Split And Merge Basic (Version: 2.2.2)
PDF24 Creator 5.6.0 (x32)
PDF-Viewer (Version: 2.0.42.7)
PlayChess  (x32 Version: )
PokerStars (x32)
PokerTracker 3 (remove only) (x32)
PostgreSQL 8.3 (x32 Version: 8.3)
PunkBuster Services (x32 Version: 0.989)
R for Windows x64 2.11.1 (Version: 2.11.1)
RICOH R5C83x/84x Media Driver x64 Ver.5.03.03 (x32 Version: 5.03.03)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Update Manager (x32 Version: 6.0.0)
RuntimeLibsVC90 (x32 Version: 1.1.0)
Samsung_MonSetup (x32 Version: 1.00.0000)
Semper Fi 2.03 (x32)
SigmaTel Audio (x32 Version: 5.10.5210.0)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 6.3 (x32 Version: 6.3.105)
Sony Ericsson Update Engine (x32 Version: 2.12.10.19)
Sony PC Companion 2.10.094 (x32 Version: 2.10.094)
Steam (x32 Version: 1.0.0.0)
Tour de France 2012 - Der offizielle Radsport-Manager Version 1 (x32 Version: 1.4.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Veetle TV (x32 Version: 0.9.18)
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR

==================== Restore Points  =========================

21-06-2013 18:34:34 Windows Update
25-06-2013 11:03:36 Windows Update
25-06-2013 11:05:45 Installed Java 7 Update 25
01-07-2013 08:02:11 Installed PDF Split And Merge Basic
02-07-2013 11:56:13 Windows Update
09-07-2013 10:05:47 Windows Update
11-07-2013 15:54:31 Windows Update
16-07-2013 09:10:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4581EB53-6467-4D83-97C7-BDC5D4399D0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4E9BDBE6-7224-44F1-8908-7DD1FF270DC3} - System32\Tasks\{997C4594-F63D-41B0-BAA8-D166C9006B52} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {5B856A1A-188B-4D8D-97F0-4C19A2443DAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {611E6A67-600D-4508-9DF0-723342886054} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {A53A3C13-2483-4278-ACE1-BB89ACC6057E} - System32\Tasks\{A8CA403C-CE83-4CD0-92F6-DD8085352489} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {F754EABD-70BB-44CF-A222-AB259BCE9317} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {FE9D69D0-0C2D-4185-A153-F38984C88E83} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2013 00:20:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/16/2013 00:20:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/16/2013 00:19:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (07/15/2013 00:06:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/15/2013 00:06:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/15/2013 00:05:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (07/14/2013 01:10:32 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/14/2013 01:10:32 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/14/2013 01:09:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (07/13/2013 01:29:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (07/17/2013 03:27:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/17/2013 03:27:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/17/2013 03:24:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/17/2013 03:24:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP LaserJet Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/17/2013 09:00:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/17/2013 09:00:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/17/2013 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/17/2013 08:58:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP LaserJet Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/17/2013 00:52:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/17/2013 00:52:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/16/2013 00:20:33 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dll9

Error: (07/16/2013 00:20:33 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dll9

Error: (07/16/2013 00:19:41 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (07/15/2013 00:06:16 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dll9

Error: (07/15/2013 00:06:16 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dll9

Error: (07/15/2013 00:05:20 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (07/14/2013 01:10:32 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dll9

Error: (07/14/2013 01:10:32 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin\tk85.dll9

Error: (07/14/2013 01:09:40 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (07/13/2013 01:29:27 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dllc:\program files\R\r-2.11.1-x64\Tcl\bin64\tk85.dll9


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4094.04 MB
Available physical RAM: 2459.04 MB
Total Pagefile: 8186.25 MB
Available Pagefile: 6299.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.13 GB) (Free:297.07 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:15 GB) (Free:14.91 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=133 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus · 17.07.2013, 15:04

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\...\Run: [DILUTWPAXQ] - C:\Users\Alexander\AppData\Roaming\shimengj.dll [385024 2013-07-16] ()
C:\ProgramData\nvModes.dat

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

benzenopi · 17.07.2013, 15:40

Log-Datei nach Ausführen deiner Anweisungen:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Alexander at 2013-07-17 16:39:15 Run:1
Running from C:\Users\Alexander\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DILUTWPAXQ => Value deleted successfully.
C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====

cosinus · 17.07.2013, 15:41

Zwischenstand: Besteht das Problem mit den Google-Links noch?

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

benzenopi · 17.07.2013, 21:53

Das Problem bestand vor der Ausführung der beiden von dir angewiesenen Aktionen weiterhin.

Ich habe dann die Aktionen durchgeführt.

GMER-Log

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-17 17:01:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9500325AS rev.0003DEM1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxlyauog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                           fffff800037ab000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                           fffff800037ab042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                      0000000072f01a22 2 bytes [F0, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                      0000000072f01ad0 2 bytes [F0, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                      0000000072f01b08 2 bytes [F0, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                      0000000072f01bba 2 bytes [F0, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                      0000000072f01bda 2 bytes [F0, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000077261465 2 bytes [26, 77]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000772614bb 2 bytes [26, 77]
.text     ...                                                                                                                          * 2
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077261465 2 bytes [26, 77]
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772614bb 2 bytes [26, 77]
.text     ...                                                                                                                          * 2
.text     C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe[2896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69     0000000077261465 2 bytes [26, 77]
.text     C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe[2896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155    00000000772614bb 2 bytes [26, 77]
.text     ...                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\rundll32.exe [3064:2092]                                                                                 000000000023f1d0
Thread    C:\Windows\SysWOW64\rundll32.exe [3064:2064]                                                                                 00000000001d3a80
Thread    C:\Windows\SysWOW64\rundll32.exe [3064:2180]                                                                                 00000000001d3a10
Thread    C:\Windows\SysWOW64\rundll32.exe [3064:4264]                                                                                 00000000020c96b7
Thread    C:\Windows\SysWOW64\rundll32.exe [3064:4268]                                                                                 00000000020c6874
Thread    C:\Windows\SysWOW64\rundll32.exe [3064:4272]                                                                                 00000000020c6dbc
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:4548]                                                               000007fefbca2a7c

---- EOF - GMER 2.1 ----

Malwarebytes-Log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Alexander :: ALEXANDER-PC [administrator]

17.07.2013 17:12:30
mbar-log-2013-07-17 (17-12-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 319315
Time elapsed: 1 hour(s), 44 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Das Problem besteht seit diesen beiden Aktionen nicht mehr. Ich habe es aber nur ein paar Mal ausprobiert.

Wie kann ich sichergehen, dass es weg ist und dass es keine sonstigen Schäden angerichtet hat?

cosinus · 18.07.2013, 00:36

Wir sollten fast durch sein

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit FRST bitte:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

benzenopi · 18.07.2013, 21:18

So, Problem besteht weiterhin nicht mehr. Vielen vielen Dank schon mal dafür!!

Hier die Logs:

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Professional x64
Ran by Alexander on 18.07.2013 at 10:56:15,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{01DE5547-EF14-4DE8-9E27-89595646AF9C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{03A3D86C-8B8F-4503-8820-025F738AA263}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{03CA002A-389E-4885-83B8-F8396084506A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{040C5D2A-4C40-45B0-A9B1-03CF21A7D441}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{04234316-2496-4BF5-9273-91FF3B43CE29}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{05C7DF07-B552-49FB-B56C-4AE9097C1F5D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{067FC30F-80BA-4747-A621-B7680E0B5A8C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{06A87FF7-2868-4B32-BD40-850D8AF7084C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0774C78E-C222-46B8-A690-FA2C4C384DCE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{07B326C9-CB6A-4DFE-B5D5-85056E4DB306}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{088B8483-5B89-4EAC-A9B6-BFB83BD80FFE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0893DC88-E73D-4810-B957-A91A643104E8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0A114EB7-87AB-47FA-A48C-42A97BDFECA8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0A725ECB-1FFF-4BB6-95BA-EE31E0911711}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0B54D97D-E747-493D-8197-B61832ACBE32}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0B761F49-D359-4183-A0E1-499BEF730825}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0C434F61-244B-4DF9-B4AA-4AE1AC1CD6A9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0C7478D3-3F08-409A-B469-E8623B4247E4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0D49A11C-80FB-41E1-91A3-FC31C3ECFFE4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0D7D8E13-9310-4E19-BA82-5E0333374752}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0E095C3E-57FA-4BF3-BB4F-80935AB47214}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0E1C1E65-4E39-47FE-8B81-6DEE833DEF23}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0ED45F6A-472C-442B-A044-FBFDBF345D26}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0EE0E74E-30DA-45CD-AAA1-9CDB5A08C05D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0F38B7B9-2A3F-48DE-8018-D17A15C8E23B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{0F42464E-59AB-4CB5-A6BC-2F03C6B5CE06}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{10E9BC73-44F9-41CD-83DD-4C999003B2AB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{11529F88-2FEC-4091-8D61-0427CCE29A59}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{11AD29CF-FDD5-42A4-B17A-3A9F1DAD0C4C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{132DEDB0-92E7-42DA-B43E-EBCB0F4EEA8F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{14012FBB-06BB-4C96-B2DD-C504E81D3B71}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1402207F-24FB-42A3-A8C6-D9523898ED59}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{149F76FF-2D8B-4A69-A464-C937878FEBD7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{174B2412-D3B3-4614-A8DE-B99868A05AE8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{17A0EB1A-0D5C-444C-BC09-2C8EAD2037F5}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{17CFEFEC-4EFA-421B-A071-BA96D609C02A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{180DFDB9-63C0-44A1-9844-1CC41401882F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{18366719-C236-434B-90EF-B272F9A2BD50}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{18A5B0ED-C3F8-484E-8DC8-D12CFD735400}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1AE6AFED-B18B-47A7-8D73-E8367E3BA61A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1B81C05F-E380-4248-9F8B-2F00B0564CFB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1B856AA2-970D-4BD1-ACE3-44E65C3FAA18}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1D50F6F3-4A1A-4C63-AA7C-2733070CE36C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1D59D363-286E-46BB-A55D-60DAF10F94A2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1D6ADA36-4AC3-4607-BE73-5AD9E1B79C9F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{1F6AD8C1-EC37-4B45-8678-2800AD6247CB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{20174DBE-ED3D-4043-843F-6C45420F81E0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2059C89B-430D-45AD-9060-BE4C7436D113}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{20F1C25F-E1AB-4023-ACB6-55664284BA58}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{215373D0-87A0-409A-82BE-61BD8A1A196A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{217EFE47-51C1-4AD5-9514-D740A6F5AA2A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{22E47F57-20FC-4410-B975-3B16C20CB835}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{242986B3-E2F0-44B9-977E-A2ECF00E3175}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{246B1B8A-D934-4F11-A7BA-A2CEEBD7FA7F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{24C8EAE9-83E2-40FE-8DE5-45B8D1385D59}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2593593D-01EE-424A-8B16-213063DA6D9C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{25DFFDE6-9692-4D3E-B87A-D87CFBEBCD14}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{261FA5C2-2019-40D6-9945-FE72DE7BD099}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{26C26894-8E70-473A-A41D-6966B61A2648}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{26D06F25-5C9C-4A77-8A4B-86574D764136}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{27792904-6688-478B-B6BF-14933D6E49C0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{27ED03A4-0B4A-43D7-B519-91D60AA50233}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2918BF8E-A860-4782-A914-571ECE4A4CA7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2930D337-F4B4-4290-8C84-76BB8F0E4AE3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{293F1C32-E8A6-42E6-B508-A8E87A97DC4A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2A00401C-C3BB-4F40-AAD1-D86991EB45D1}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2A056309-3BBA-4208-AD82-0D144938B3AA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2A1FA171-5D4D-4245-97D3-879B291F3830}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2A7ABDD2-2625-4939-92A0-9798CBC1E7AA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2AD4D6A0-81C9-4EE7-9270-63A4AC633A23}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2C7D240C-6A00-4019-8C0D-6C25B7E1EA14}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2D06DA8E-CE6E-45BF-BF78-51EF7DAF4C7D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2D1354DB-BB05-4B9F-BDF2-EB5350DC730F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2D5BFD3A-9547-41D5-BF41-0BAD348D0612}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2D73D601-B7CD-4C2A-AA85-E82DC7A50AA0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2D7DC7CD-55EB-45DA-86E3-C6E7919036F9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{2EB7AF25-6970-43D6-9A27-C5277B98B3F7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{30978A09-3272-48DF-A003-AD1BEBB7616E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{30F00259-1664-478C-8B6C-65E24740F79B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3256E69F-EB1F-40B2-8794-77635D003784}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{327C52DC-C6C3-4C45-BC25-285E150E36D0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{32F48BAA-0203-42D5-B3E4-92542FC3117E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{33411B51-858F-423A-96D5-DE2F85596F77}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{33F6C836-9182-458E-A4A5-4C0387D0104C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3493D851-28FA-4029-828B-7E6ADD14D17C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{34CFA47E-3353-4EE1-9A89-CFEECFB6976B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{35439EDD-2B02-4644-B967-7433D19FCE82}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{354E69E6-2535-4431-9785-6750DCBD1DF5}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{35A0673E-29CA-491B-B66D-0B68B5BC51FC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{35D4C7B1-4B34-4607-ABCB-6628FF1981CA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{364542A5-8234-4898-8561-9398FD03D0DD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{374D9452-1D9B-4F2E-A372-D2B8F78F51FC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{375A3AF3-51A7-4955-BE7F-44A32FB265E1}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{37905EEF-D602-4FB6-8BE8-446BB3CEDB6C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{38A95177-3D1E-48F3-8741-E483C79CDD2B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3A34ED2F-4283-4F40-9328-5A358FEE314E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3A7F597B-F966-4F9B-A07F-AF0FC1B81B15}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3AF25159-74C7-44C2-8054-D6FE345C56F8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3B0C6C1D-1A2C-4308-84AC-8231B22CEBE1}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3B3D0292-7D20-4436-A7B9-B86220CC438C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3C5328D1-1161-4854-BB96-0C0845125AE2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3CFAAF45-E01E-4619-B5C4-B68F48AC962B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3D06D1DC-0990-43D3-9A72-002814BDE6AA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3D61FA44-77CB-4CB6-9293-37FE7AAC1703}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3D8C3FF7-8B39-4B27-BC33-BF8883410B28}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3E36D578-CB1F-413B-AF8C-AA580DD12C91}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{3E5D8662-6492-40AE-BC84-824F8C658368}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{404F18C8-2054-46F8-9765-B9D2A58C8556}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{40E4CBC0-2DAD-4786-B349-B814A893F343}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{412DCD53-3A79-4B77-B3BD-7B1FCB2991A0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{41861DA6-1983-4C34-8E1F-FAFBE44BAFD5}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{420B0452-4577-43D5-8053-8A6AE5303E62}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{42215DD8-D45F-4DB4-BECD-548DE7EC1DA0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{432FB278-B0DA-43AD-95F1-5394FC2D9FB3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{45F109CE-0ED2-4BD6-A7DF-4E585FB3D84A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{467FA288-7B26-42A4-8FD6-C03A89037B33}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{46CD50DB-3072-4C5F-9EE5-B07C068FA2CD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{471D0AFF-9B0A-4313-911E-F951663A3D10}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{483B5F02-DE4B-4107-8961-273597DEBCB3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{497A8439-810E-45E6-8D50-A5A1E1338E2D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4A433232-3FDD-4F9F-A55B-F3AB78B33FBD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4B455A89-8E36-46FE-96BC-122917772017}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4CCD8FE8-BFA9-4AA0-96B0-B6BA364676FB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4D5F4291-55FB-4565-B344-A69E65504FB4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4DB7AA16-CBE4-462E-BED4-824BFFE84A97}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4DCFA0AB-3CF9-4B33-B7D3-4A394674A65D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4F3BA717-FE2A-4AE8-BA4A-7016A89CA376}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{4F5FB581-600C-4D2D-9D9B-34DF46FB90EC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{51239845-2B90-4F1A-BF2E-D1551E5D75AA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{520454EE-6313-4320-A269-F58063A3C31A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{52135C96-B7DE-4DEE-9F75-5C834F01E398}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{52CF04F8-21D7-485C-9BA6-575D153AAFFA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5396200E-F04D-4D20-A9A7-BCDDEA72E009}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{53AF6CE1-B7EC-4A02-8AFB-54A1CBB09518}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{54870832-C70D-44C2-AC19-68005FEFD5EC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{54F74DCA-4C03-4051-92FF-FE50FAE1348F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{55D83588-8DC3-4167-AD45-490A7821671A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{56A080DD-0520-41FA-AA3E-81D8D798B5A9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5778EFA8-98F7-410B-A04D-5362E71C5D85}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{579F63CF-1B79-4926-8F7A-FBF54B9B616E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{588CCCDA-FC08-42E4-8651-B40503B7EFCF}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{58B56BE4-ABB3-4F17-B095-E1C32E904B51}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{58C11642-0F26-4768-873A-64286CD02425}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{58E6A416-BBCA-4E9E-A1C1-0D2A1D6087A8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5AF54746-D351-4BF4-9B14-69E6E0D5513B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5B40FA1D-D083-4A18-9864-38F14FAB2E0A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5BAD68AF-9CBC-42C7-ADB3-9FF6B7B21261}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5E39F3E2-B36C-4438-85E0-C7E54F1C37A6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5E3C12D4-28AA-4FED-9692-3F0A78086D7E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{5E518B3E-AADC-4942-A521-D10F4E9E4F1A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{60073E0E-D4F9-4512-B39B-E044717A4D88}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6084DACA-ADCE-4CAF-8D15-2D5F1F56C48D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{60A71A63-F3D4-4B5A-97B0-89E4C3FCEA41}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6129C8C7-CA6D-47D8-A140-F9DB3DB42FB2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{61769F2F-714F-4D30-9674-D421B96A9B0F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6210C6DC-AE5A-4E52-B9F7-9B5752A0DB98}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6370FD14-6507-41CA-BCC3-516085EDA711}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{63D952AB-0CF9-430E-8880-437B83D681AB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{642499B0-255D-4C1D-803F-092443E3B628}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{647C2A91-72C5-4318-83C1-EF33096E200D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{65AFC541-86EB-43B1-B690-0EDCEF52B25A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{667464BF-5EB0-4B6C-AFF9-325D197606D0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6720A6F8-7AD4-4570-8885-BEABC4959D0B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{673EB613-E8A6-4FB2-B3D7-2628292BA5A9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{67A7689F-8D33-4D12-B2A8-51BBE9430F18}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{684370B8-FCDA-405D-83E8-7B1950302ED0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6943667F-2C05-4AAF-950B-59EF06AE8EB6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{69535B30-843B-43B1-A152-AB8956467120}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{69E6FAEF-55C7-4364-8ED6-AF1C52B9C5FC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6A225445-D0DA-4CCE-87B1-B04FBD86FC7A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6B5D2D51-06BA-45E1-B23F-91A3B8F5F9A7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6B88D1B7-7123-4C79-B773-339D957213CA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6BFAFDC9-B153-4360-9B62-DF1A9164F6B9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6C6DE02A-C992-4A24-AF81-9B52349E449A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6CD56489-C751-46AC-8CDE-B77FB7312BD8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6E1551D2-530A-4225-A40C-33D2D53937AB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6FA1FF4F-1417-4E51-B321-B5A9D6E5B0FE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{6FA488A4-8DB0-49E5-95E3-9A10B7773288}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7453E8EC-E6DC-4495-8495-BE9B98DE1F8E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7489898B-AA9D-41A2-B563-8D5FE0B7112C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{74D2B620-A819-4D13-A80D-CDD7AD012D54}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{755AC498-B463-458B-AC80-4A38719B38F4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{763E09BD-DE69-4479-9880-D8303C62DEAE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7676FCEC-A687-4753-96EB-09D48D98FA5D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{76A6B199-8F25-4273-897B-02D6BBC87BD9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{76EA7D04-5DCD-4E2B-8676-607EC8000188}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{775D2592-C952-45C1-9AA4-AAF754473876}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{77DDECD9-8E66-400E-BD5E-ECD202A06370}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{77F5C448-378F-4105-ACEA-DBE8124C6BE2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{78015499-AD1F-4AAC-93D6-AF4A28058B47}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{79C000C6-7937-4372-952C-1E6ABAC97516}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{79DA6267-1556-4F63-8599-A7AD1452C8EB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7A25E9C8-CB5A-4D94-B13D-917528163E75}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7AB5B87B-4478-4451-A2BE-87398AFD36F2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7B51305F-D53D-462A-B511-083C672172FE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7B92DCBE-E936-4339-8F1A-3215C8EA444F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7C1751F7-6EAE-486F-8E9D-46DD5EC9FDCD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7D57B4D7-A3B2-47FA-A642-04596C4CD5A6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7DB0E37F-61FE-4350-8697-5D5A227F8C77}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7DB6800E-00D0-4755-9B54-4CC0AEC01E22}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7EC428EA-BEEE-422B-AF80-2E07039F5214}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{7FF154CF-4468-4838-9E39-8C970DE48254}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{801C1981-F28F-40A1-A8C2-FF822682A03A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{82056037-0D52-483C-BF34-B7A70099EF86}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{827E68EF-0CCE-4437-A9C2-1A8C52FFBB79}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{82F14BDF-B8A3-43C0-AC1C-3C78CABF6814}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{83AAE9B7-CAD2-4E3E-9664-9FF0E4233773}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8516EE16-4B5A-4957-AFDE-69B508D06E65}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8563D089-1E0A-48FD-A585-1B14E4D82320}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8638E021-2270-4A9A-AFEA-5C83826136FB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{86BC1FCA-F18E-46DB-99B4-89C4561DF3AF}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8712A4FC-9601-473B-9C81-2EFD3939A7E2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{879A1E43-9D57-41BE-B2DB-B403EBD334C2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{887765CD-54EE-476B-9C66-F98A422CA070}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{88896B36-EEA9-4510-A2F5-123E27BADE1C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{88B9963A-B6F9-4989-9838-8B4177141E83}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{88DE8F34-BE7A-485B-A5AF-7D33B91288EB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{89869B98-EC7B-4AE0-B31F-0DD288BEED14}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{89B312CE-752A-4903-96EC-9C77D6AAADE8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{89C39C61-DEDF-4128-8E71-4DBD466D51E7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8A999F0F-B3A0-4239-86CF-A96B34C76B90}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8B114351-AD86-4839-BBAB-7976F0AB185C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8B84E7EB-E69B-4224-BC44-02B660BC114B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8BEFAE6D-D58B-492C-A925-63F9D94A200B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8C82910E-DD60-48FA-A2C2-04FD8214882E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8CC2B669-BB42-4A68-9156-D2B6C9C43F35}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8D0B7D42-FC7F-46EB-A264-B0E8178F3648}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8D24E043-9DAE-4FAE-A07F-49A4D840701F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8EEA131A-2E30-4295-B52B-8D14DBDCE1D7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8FD17792-3093-4256-8575-AC76DAB25F92}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8FE148B8-0DEE-4750-A882-2E4CF0B9F433}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{8FF80EB6-3559-4A75-9A89-6E7B00AA1D6B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{918327E8-9363-41C7-B981-6C4941A67CFD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{91A546B7-D77C-47E8-ADA3-E4985AFE51A3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{92698316-B2E6-493C-842F-57A411C989AB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{942867BB-6378-41E1-929F-C0E6F6238C0C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9519D9A7-37F4-409A-AC4E-5FE5EDA89C0C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{953057A9-6B15-4A6E-A3B5-E9AF1B882538}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{958C4CDE-517C-4A94-88B1-AB4A7EE87B39}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{95B42856-8650-4DC5-B67E-5730F23ACE1E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{95E20F3C-F0F8-42CD-992C-D30619487BA3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9683CC78-54AC-4B0D-BC24-F3A01964531F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{96F02F42-7D45-424B-BD04-94649641E799}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{98358ABD-C7F7-4987-A7C2-2408F21171A7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{988A1257-F414-46EB-A116-E2F7F3DD3B39}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{99814FA8-7941-4656-8C6B-FEF381532BD4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9AE4FF6D-5AF4-497A-8BCC-868997C3D6BB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9B90F2AD-411E-47E2-9626-B7ACDA895341}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9C648DB2-ACCD-4B60-A9F8-E7FDEC7923A2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9CA25ADF-78A8-4DE6-86DF-691C3482948C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9D04FCCA-3262-4C71-A69A-0E442382F485}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9D2BA605-8E7A-4138-9F83-D7BF478FA37B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9D7BC647-845F-4A32-9AB2-16512F24C726}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{9FFF9655-4B6B-4552-80BD-C1CE587ECDBC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A0802C4C-81F4-42EC-A934-985CF0984DC2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A0B25902-ACDD-4EB0-AB59-6DEB26CF4C31}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A2248E0E-8021-4415-89C3-0FA2D7FFF782}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A42BACDB-9030-4C39-BBC6-7EEA9EAE871C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A4D9EDBE-F899-455D-A7BD-81BC5368F534}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A59E12EF-29DA-4138-A637-95B669869DEE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A60CCB4F-D3DA-45F3-992E-50D8DB79A49E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A618A2FA-3D1C-47EB-96D5-0ECC2BA47452}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A6EA8DED-AA15-4870-A1C6-C01B73AFC248}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A72C72AB-6AAB-4348-94FC-9FC8A757E2F6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A7A4FFAA-4267-4E3D-95F2-E446102BCD8B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A8107F16-E255-46C1-BBE1-F07E724693F6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A83261B8-961C-40E7-8E71-3ED6B24C1222}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A87C2795-1F3D-42AA-8EC5-F284D32C417A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A980CB15-0DFF-4C43-BB7D-06E7D0CEB9EB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A9D2CB14-7016-4039-B589-6DB0BB687D6A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{A9E6F724-39D7-4CB0-8D3A-C0051D171C85}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AA2C8AE2-2A39-49D8-9720-310740EF5BD6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AA560D39-ED65-43EE-9B79-B41A1F8A81D0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AAE32F3A-9683-4BF6-A54F-04C61C82CD51}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AB0252CA-B202-45DA-A899-B44AEC832478}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AB65E212-A6EC-4845-9749-105DFE8E7439}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AB7DBA62-E867-4DD2-835C-6879E59CEA4F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ABC522AC-8C47-42E3-BE25-67169327F0A2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ABC6D658-A37C-48FA-9645-7339013F0716}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ABD9A5F7-0F6E-4B17-B94C-8E90EC173945}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AC96E426-7050-4742-B5C7-BBF7FABD7E84}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ACB3BB13-042E-4B46-BF40-32CDC8D5688F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ACB4E58A-2B6B-47DE-B6C2-4E051608E0B9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{AD6B1565-954C-4835-BCB3-3F97A06E4D59}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B02F96E5-F2EE-425A-8D04-2DB2D239C902}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B093D111-08B1-4EC6-9555-9DD361CD1EC8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B098111C-4229-4B7A-A76A-AA5B21B7F488}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B1F0C714-68A6-4357-9CDE-8598E35C36C0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B1FE5992-5D3E-4198-AB79-809142D296A3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B4C06D44-7B5C-4AEA-811D-3AF917C6FD9A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B5E615DC-23A7-479D-A076-4468C635D3A0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B6E4A0E9-F096-4F99-8140-DF53A44882ED}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B82437CD-F8B7-46B6-8393-49C5A5DF1593}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B8278592-9327-4656-B0EA-95BFD064384E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B8CFC468-1BCD-447E-9A98-029BF8076D02}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B918AD6A-C3F3-45DC-9991-5AE77F694FB3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B94A5921-DE84-4734-9B52-4A1DAF8E1493}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B95916E6-12FE-4112-97BD-1077E7600EF6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B996B24C-EFEF-477A-A975-F5900091A9C4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{B9CECF47-0336-42F0-916F-E95A099DEA1F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BBDAD9B3-8548-44CC-9D6B-89B4B2AA809A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BC7709E3-174F-4D3D-84BD-7006620AEB85}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BD009FB1-F59E-4C93-A220-2874D533EC76}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BE0E05EB-BAC1-4A1E-AC88-98DFB31FD132}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BE2868E5-B532-4E5C-99AD-6EBB713D2C80}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BEC63345-9E60-49EA-A2B6-FE74B0F1E204}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BF2402F5-68BB-4A15-A919-0462911A3E49}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BF2D481A-2AEB-4426-9BFB-2815E2183D52}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BF56B0B3-8CBB-4EA2-9D67-29D71891E4B1}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{BFE76E11-C64F-45CF-819A-C0BF213A1910}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C065C638-F77D-42BF-97BF-055C2EFDFABB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C0A412D1-BD5E-439B-8EAE-25AD65151EFE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C1383FA9-E0DF-4817-BB71-AA9680933FE9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C1CA8A0D-5339-496D-A22C-3734CB7265DB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C25EB417-998D-45B5-AFFB-867507E644CD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C3548281-3A8B-4E37-B56C-A81FAB1886B0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C36945D7-EBB3-43F7-BD67-8559C194DA13}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C3775C94-B3DE-4D69-BDF7-F42854F30BB0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C4119BB4-041D-463D-83B1-F562DA9A1E97}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C4EB8757-CCC0-4805-9544-5EA57784BD51}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C4F38262-C7F5-4B5D-A2E4-BE255B45CFF6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C568320F-12F5-4FA4-AA9E-1A3CE393171F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C5E2FD39-54C1-47CA-A405-FA551D0DFCAA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C5E671D1-F57F-4477-AA18-027522A685A5}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C5F57C0F-B491-4672-AD75-E9FB927A0C26}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C5F71313-5B96-48F8-931C-184779E03A85}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C63EBBC3-1473-4C1B-A6C4-FA448C5B2008}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C65FB3DC-4462-4353-B027-3C50B1E4C7AE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{C7062668-9936-4DC5-B781-89765577CBBD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CA07B7C7-8F56-4CAF-845C-B94145096F5F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CABAD7CB-0BC3-4217-B87F-2B213B373820}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CAEDF8F2-E01C-4774-BA01-C296166F94BD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CB325376-91AE-4E43-AAE7-7497CE52FA78}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CB4A1FCC-EE09-4CF3-8B92-DB2C80643977}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CB701683-B004-481C-B11B-985DD1DF184C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CB97F939-9753-4E50-A386-562339CE6791}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CBF83712-425A-42A8-9088-B761D90EF315}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CCB6E6AB-43B1-472A-B9B5-3B797C58878D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CD3AF17C-276C-4F52-9D9C-4280F4A3B014}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CD7EBE99-A5DC-47FA-8915-C7546BDAFFAF}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CE181357-C53C-4F37-A586-1DBD87C18B83}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{CF0C94C5-005E-493E-9FF7-3E3E6F7D8990}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D108C148-8EA7-4EF6-9A00-1D2BFD9E3B1A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D185B325-9E6A-460A-803A-E9189C63E61F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D1E30DD6-63F5-46E8-9828-5C3CA4C558B0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D1ED5300-20B2-4B83-A0D8-5C123E153BDD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D38C41E8-1EC9-43B2-AFD8-E13399778D5D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D4385078-A3EE-424F-A780-187719084EED}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D5CED748-F221-4DB2-8081-1FB72401BE39}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D90EC994-47F8-4289-929C-A1943524A12B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D913576B-0AB2-41C1-9B64-9C45B9FA98EB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D9792308-D0F8-44F7-9589-2EA3E53B0046}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D99B7B47-5462-4742-8579-5E5AC060D5A3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{D9C313A4-54BE-4DFC-953D-54F55F3F5FB3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DA9CC4B9-659E-4317-9C90-95C7F3A50489}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DB9FD89A-C684-4F54-958C-F62866B1D5F2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DBFD5525-E372-4AB4-BA43-D1233DCFAB97}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DC307AC6-E107-459B-8F18-5E6F3E20D2D8}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DC31679B-8184-444E-AFCA-FAE283FA5C2F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DC6FB15C-0142-4558-A4D0-5A069BC26060}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DC9E3DA6-34F4-4382-86B7-8B610219D783}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DD358F74-9A66-4739-AC45-03A558047A4F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DD39E2C0-35DD-40B2-A7EE-805A4CAFC164}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DD56792A-D589-40E0-A3C5-8FA249785813}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DDD39A77-0500-49E5-9E7A-7FE8139E65AC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DE0D2429-8057-4A6A-B59E-167581CB2C2B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DE6E087E-2118-4905-BE1D-3A0588A65EE7}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DEDFD94F-DA24-46CB-8989-2BDDC6E63D11}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{DF483193-65E4-4B70-88A6-B9429A2BB7CC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E0E9A0B9-C8A1-459E-BF2B-520B275D04E3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E0F808DB-7ED1-4F72-8064-23A42FEDEA57}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E1B67A6B-868C-41B5-85E5-CC3A95D4CB3B}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E21F06EA-2B97-4D70-B8AD-D23D2B4787CD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E31A4FF8-EC07-4C12-9871-8471EB420BF2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E39F631B-FBC2-4573-BB31-7E206175AD2C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E40FEBEA-02C9-4B3C-AAAD-94E01C57F0C4}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E412466A-373A-4DD0-BE78-4EC142B85CD3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E4139539-1874-4FAA-97B0-1FA38CFF3C0F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E47839D0-2E86-43EB-AAE1-381899CAC07A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E4F0F8D8-A97D-44DE-B275-7675D4529C0F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E557C97D-E29D-4012-B54C-41C5FAD38221}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E5B74B46-E6BF-4C13-AFC4-DF42A93AA7E2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E6039FF7-7596-4F34-847D-C43D00791870}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E74E0AB6-6035-4A81-92AC-0EA9A2E911B0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E77D8EAB-5C47-4D05-9D6D-40917DDBD236}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E84CC1E2-ECBA-4445-A74F-4ECB468FF227}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E894A7DE-B0F1-485C-95D1-77E379EA29BC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E92F06A3-2E58-47E7-A675-DADF5E91CD8A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{E9FD3C11-F74F-4516-8E1C-FEF29F8BC937}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EA32F865-1494-4277-974B-23D285ABFD77}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EA7746D0-E271-45AA-B8CB-A9EF836A5A20}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EAD459CD-1DA7-446A-8C46-B5D97C15C6FA}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EB6F4BCD-0707-4460-915A-C3DFD5B6D518}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EBBBD98D-4814-4906-AC4B-EB61A381EF82}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EC01BD15-E383-45F1-8F1A-1010DCF1CECC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ECD0E89D-A886-43ED-8850-5D4DCF511D73}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ECEA5F9F-43E1-4A3C-ABFE-DA8940C32BE6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{ED463AF6-FB16-4406-9DF5-4C6432BD2290}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EE5D70D0-FE6C-460B-A773-ADFA799E3A0C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EE86B744-66A2-4A60-918E-8414B5038612}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EE90695E-4A9F-4C1E-8EA9-C9F77982EE6F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{EEA5EF2E-C451-4554-8548-7840386B133A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F142DE2C-1565-4779-9B6F-87197109EDD9}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F1A58542-8830-42F0-84E9-DE3DE6209A6C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F1B07D6F-B240-4B0C-91C9-D0CC0D76EF76}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F356CDDA-D834-47E2-9D43-AD573C55FCA6}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F3AAC11E-AB87-49E8-AAF8-119A865543DE}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F3B01B40-DE1C-4EFF-81FB-017025AD4191}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F3F01BAE-7CE1-4E0D-A727-56D1D48FD543}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F41D735E-79C4-4806-9641-9B5E88A957A3}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F45365BE-43D8-45BB-9EF0-C8DFE48CA96C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F73B8F25-24FF-414E-87C4-EAB5AB838851}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F7A8E810-6108-4719-BED3-271683B69977}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F7DA4396-58BF-4174-8E29-7FB63D90D186}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F85F4156-D3F4-48A1-817F-54B6BD3E8359}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F892B426-6214-41AD-89BF-B5E20A8FE652}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F8E64841-8530-407A-BAF3-9915FC88B10E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F91A17C2-8C6A-40A4-83C7-51792100097A}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F945175E-21E5-409D-9DF4-5D2731C71C92}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F983899F-55C9-44F4-9AA9-48BCFA7879D2}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{F9F05D12-8F42-4068-97A9-2E233D7AACAD}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FA54B27D-8751-46ED-B1E0-C907A50CB679}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FA708BD0-1A08-457E-9661-CB14F6ABE07D}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FAD99C8E-0703-4EA5-9C81-44275A4A2F61}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FBEB08C3-9552-447F-85B9-21EE71C042C0}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FC1E28C9-8D3A-4169-B9EA-9024DB1AF332}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FC75259E-70DA-4EDF-B2E0-092399D75ECB}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FC9C70E5-432B-462C-9966-C093869AE299}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FD51E4D9-B150-4E59-A46E-1ADA7F707904}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FD8BA569-219F-4CD5-942F-1F61D794CC7F}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FDDFFDB0-BF2E-4290-9BAC-90B18B161F27}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FE0A3A22-F334-46AA-9482-5AB937FD6E83}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FE9296AA-4DC8-43BA-A399-5817642CCEAC}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FEBCB79E-AB76-418D-B529-39A9FF6B169C}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FEE119CE-6FF7-4A7F-BABE-832B8F27941E}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FF165569-092B-4B31-AA77-353FC40B5996}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FF2ACBBD-31C3-4FAA-B895-1BCD2E5459D1}
Successfully deleted: [Empty Folder] C:\Users\Alexander\appdata\local\{FF799CC8-8DFD-4060-9F33-155765E93120}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.07.2013 at 11:01:25,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdWCleaner:

Code:

ATTFilter

# AdwCleaner v2.305 - Datei am 18/07/2013 um 22:04:49 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Alexander - ALEXANDER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Alexander\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1822 octets] - [17/07/2013 00:46:59]
AdwCleaner[R2].txt - [954 octets] - [17/07/2013 09:05:37]
AdwCleaner[R3].txt - [1013 octets] - [17/07/2013 09:07:27]
AdwCleaner[S1].txt - [1884 octets] - [17/07/2013 00:48:02]
AdwCleaner[S2].txt - [948 octets] - [18/07/2013 22:04:49]

########## EOF - C:\AdwCleaner[S2].txt - [1007 octets] ##########

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Alexander (administrator) on 18-07-2013 22:09:50
Running from C:\Users\Alexander\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Creative Technology Ltd.) C:\Windows\OEM04Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1211688 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
MountPoints2: {0b2f5954-b7a6-11e1-ad0c-0023ae2ba1e8} - F:\Startme.exe
MountPoints2: {161bb213-b32c-11de-8b1a-0023ae2ba1e8} - F:\autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OEM04Mon.exe] - C:\Windows\OEM04Mon.exe [36864 2007-06-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {119C2F55-DB3F-4D61-823F-B50C881FA650} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://asa1.rus.uni-stuttgart.de/CACHE/stc/10/binaries/vpnweb.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1294682106112
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetingsln.webex.com/client/WBXclient-T28L10NSP9-15980/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [206112 2008-07-23] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] ()
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-11] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 HP LaserJet Service; "C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 OEM04Vfx; C:\Windows\System32\DRIVERS\OEM04Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM04Vid; C:\Windows\System32\DRIVERS\OEM04Vid.sys [265792 2007-10-10] (Creative Technology Ltd.)
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 22:07 - 2013-07-18 22:07 - 00001076 _____ C:\Users\Alexander\Desktop\AdwCleaner[S2].txt
2013-07-18 22:04 - 2013-07-18 22:05 - 00001076 _____ C:\AdwCleaner[S2].txt
2013-07-18 11:01 - 2013-07-18 11:01 - 00049015 _____ C:\Users\Alexander\Desktop\JRT.txt
2013-07-18 10:56 - 2013-07-18 10:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 10:55 - 2013-07-18 10:55 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Alexander\Desktop\JRT.exe
2013-07-17 17:12 - 2013-07-17 22:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\Users\Alexander\Desktop\mbar-1.06.0.1004
2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 17:08 - 2013-07-17 17:09 - 13399154 _____ C:\Users\Alexander\Desktop\mbar-1.06.0.1004.zip
2013-07-17 17:01 - 2013-07-17 17:01 - 00004177 _____ C:\Users\Alexander\Desktop\Gmer.log
2013-07-17 16:47 - 2013-07-17 16:47 - 00377856 _____ C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
2013-07-17 15:47 - 2013-07-17 15:47 - 00020065 _____ C:\Users\Alexander\Desktop\Addition.txt
2013-07-17 15:43 - 2013-07-17 15:43 - 00000000 ____D C:\FRST
2013-07-17 15:42 - 2013-07-17 15:42 - 01778209 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2013-07-17 09:07 - 2013-07-17 09:07 - 00001013 _____ C:\AdwCleaner[R3].txt
2013-07-17 09:05 - 2013-07-17 09:05 - 00000954 _____ C:\AdwCleaner[R2].txt
2013-07-17 01:19 - 2013-07-17 01:19 - 00088068 _____ C:\Users\Alexander\Desktop\Extras.Txt
2013-07-17 01:17 - 2013-07-17 01:17 - 00075510 _____ C:\Users\Alexander\Desktop\OTL.Txt
2013-07-17 01:00 - 2013-07-17 01:00 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Desktop\OTL.exe
2013-07-17 00:48 - 2013-07-17 00:48 - 00001884 _____ C:\AdwCleaner[S1].txt
2013-07-17 00:46 - 2013-07-17 00:47 - 00001822 _____ C:\AdwCleaner[R1].txt
2013-07-17 00:46 - 2013-07-17 00:46 - 00662345 _____ C:\Users\Alexander\Desktop\adwcleaner.exe
2013-07-16 11:14 - 2013-07-16 11:14 - 00385024 __RSH C:\Users\Alexander\AppData\Roaming\shimengj.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 18:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 18:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 18:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 18:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 18:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 18:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 18:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 18:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 18:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 14:31 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 14:31 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 14:31 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 14:31 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 14:31 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 14:31 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 14:31 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 14:03 - 2013-07-11 14:03 - 11239973 _____ C:\Users\Alexander\Downloads\vid040-4-large-preview.wmv
2013-07-09 19:08 - 2013-07-09 19:08 - 00013965 ____N C:\Users\Alexander\Desktop\Checkliste Projekte.xlsx
2013-07-05 09:02 - 2013-07-05 09:02 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-07-05 09:01 - 2013-07-05 09:02 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Alexander\Downloads\pdf24-creator-5.6.0.exe
2013-07-04 20:12 - 2013-07-04 20:14 - 73566512 _____ (ChessBase GmbH) C:\Users\Alexander\Downloads\PlayChessV7Setup.exe
2013-07-03 17:16 - 2013-07-03 20:43 - 01053133 _____ C:\Users\Alexander\Desktop\Produktportfolio_3.pptx
2013-07-01 10:29 - 2013-07-01 10:29 - 00000000 ____D C:\Users\Alexander\.pdfsam
2013-07-01 10:03 - 2013-07-01 10:03 - 00000000 ____D C:\Program Files\PDF Split And Merge Basic
2013-07-01 09:53 - 2013-07-01 09:53 - 00000000 ____D C:\Users\Alexander\Downloads\pdfsam-v2_2_2
2013-07-01 09:48 - 2013-07-01 09:49 - 37108698 _____ C:\Users\Alexander\Downloads\pdfsam-v2_2_2.zip
2013-06-25 13:07 - 2013-06-25 13:06 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 13:06 - 2013-06-25 13:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 14:09 - 2013-06-19 14:09 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\Alexander\Downloads\JPEGtoPDF37.exe

==================== One Month Modified Files and Folders =======

2013-07-18 22:07 - 2013-07-18 22:07 - 00001076 _____ C:\Users\Alexander\Desktop\AdwCleaner[S2].txt
2013-07-18 22:07 - 2012-01-17 01:16 - 00000000 ___RD C:\Users\Alexander\Dropbox
2013-07-18 22:07 - 2012-01-17 01:14 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2013-07-18 22:06 - 2009-10-07 12:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-18 22:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 22:06 - 2009-07-14 06:51 - 00209883 _____ C:\Windows\setupact.log
2013-07-18 22:05 - 2013-07-18 22:04 - 00001076 _____ C:\AdwCleaner[S2].txt
2013-07-18 22:05 - 2009-10-06 20:50 - 01672874 _____ C:\Windows\WindowsUpdate.log
2013-07-18 21:20 - 2012-04-11 18:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 19:24 - 2012-09-13 01:05 - 00000000 ____D C:\Users\Alexander\Documents\Outlook-Dateien
2013-07-18 13:11 - 2012-01-17 19:29 - 01642510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-18 13:11 - 2009-07-14 19:58 - 00700630 _____ C:\Windows\system32\perfh007.dat
2013-07-18 13:11 - 2009-07-14 19:58 - 00149394 _____ C:\Windows\system32\perfc007.dat
2013-07-18 11:01 - 2013-07-18 11:01 - 00049015 _____ C:\Users\Alexander\Desktop\JRT.txt
2013-07-18 10:56 - 2013-07-18 10:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 10:55 - 2013-07-18 10:55 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Alexander\Desktop\JRT.exe
2013-07-18 08:30 - 2009-07-14 06:45 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 08:30 - 2009-07-14 06:45 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 22:48 - 2013-07-17 17:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\Users\Alexander\Desktop\mbar-1.06.0.1004
2013-07-17 17:09 - 2013-07-17 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-17 17:09 - 2013-07-17 17:08 - 13399154 _____ C:\Users\Alexander\Desktop\mbar-1.06.0.1004.zip
2013-07-17 17:01 - 2013-07-17 17:01 - 00004177 _____ C:\Users\Alexander\Desktop\Gmer.log
2013-07-17 16:47 - 2013-07-17 16:47 - 00377856 _____ C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
2013-07-17 15:47 - 2013-07-17 15:47 - 00020065 _____ C:\Users\Alexander\Desktop\Addition.txt
2013-07-17 15:43 - 2013-07-17 15:43 - 00000000 ____D C:\FRST
2013-07-17 15:42 - 2013-07-17 15:42 - 01778209 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2013-07-17 09:07 - 2013-07-17 09:07 - 00001013 _____ C:\AdwCleaner[R3].txt
2013-07-17 09:05 - 2013-07-17 09:05 - 00000954 _____ C:\AdwCleaner[R2].txt
2013-07-17 01:19 - 2013-07-17 01:19 - 00088068 _____ C:\Users\Alexander\Desktop\Extras.Txt
2013-07-17 01:17 - 2013-07-17 01:17 - 00075510 _____ C:\Users\Alexander\Desktop\OTL.Txt
2013-07-17 01:00 - 2013-07-17 01:00 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Desktop\OTL.exe
2013-07-17 00:48 - 2013-07-17 00:48 - 00001884 _____ C:\AdwCleaner[S1].txt
2013-07-17 00:47 - 2013-07-17 00:46 - 00001822 _____ C:\AdwCleaner[R1].txt
2013-07-17 00:46 - 2013-07-17 00:46 - 00662345 _____ C:\Users\Alexander\Desktop\adwcleaner.exe
2013-07-16 23:38 - 2010-09-13 20:41 - 00000000 ____D C:\Users\Alexander\Documents\ChessBase
2013-07-16 11:14 - 2013-07-16 11:14 - 00385024 __RSH C:\Users\Alexander\AppData\Roaming\shimengj.dll
2013-07-16 11:07 - 2012-04-11 18:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 11:07 - 2012-04-11 18:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-16 11:07 - 2011-05-17 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 11:07 - 2009-10-09 10:38 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Adobe
2013-07-15 21:43 - 2012-07-09 18:40 - 00000000 ____D C:\Users\Alexander\Documents\Pro Cycling Manager 2012
2013-07-15 20:28 - 2012-07-09 18:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Pro Cycling Manager 2012
2013-07-13 23:52 - 2010-09-13 20:12 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\ChessBase
2013-07-11 18:17 - 2009-07-14 06:45 - 00546360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 18:15 - 2013-03-13 17:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 18:15 - 2013-03-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 18:15 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 18:14 - 2009-10-11 21:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 18:11 - 2009-07-14 07:13 - 01635332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 18:05 - 2009-10-09 18:48 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:03 - 2013-07-11 14:03 - 11239973 _____ C:\Users\Alexander\Downloads\vid040-4-large-preview.wmv
2013-07-09 19:08 - 2013-07-09 19:08 - 00013965 ____N C:\Users\Alexander\Desktop\Checkliste Projekte.xlsx
2013-07-07 11:19 - 2012-11-09 01:38 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-05 09:29 - 2012-01-14 15:34 - 00000000 ____D C:\Users\Alexander\Documents\Bewerbung
2013-07-05 09:02 - 2013-07-05 09:02 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-07-05 09:02 - 2013-07-05 09:01 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Alexander\Downloads\pdf24-creator-5.6.0.exe
2013-07-04 20:16 - 2010-09-13 20:41 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\ChessBase
2013-07-04 20:16 - 2009-10-07 12:12 - 00144840 _____ C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-04 20:15 - 2010-09-13 20:12 - 00000000 ____D C:\Program Files (x86)\ChessBase
2013-07-04 20:14 - 2013-07-04 20:12 - 73566512 _____ (ChessBase GmbH) C:\Users\Alexander\Downloads\PlayChessV7Setup.exe
2013-07-03 20:43 - 2013-07-03 17:16 - 01053133 _____ C:\Users\Alexander\Desktop\Produktportfolio_3.pptx
2013-07-01 10:29 - 2013-07-01 10:29 - 00000000 ____D C:\Users\Alexander\.pdfsam
2013-07-01 10:29 - 2009-10-06 20:56 - 00000000 ____D C:\Users\Alexander
2013-07-01 10:03 - 2013-07-01 10:03 - 00000000 ____D C:\Program Files\PDF Split And Merge Basic
2013-07-01 09:53 - 2013-07-01 09:53 - 00000000 ____D C:\Users\Alexander\Downloads\pdfsam-v2_2_2
2013-07-01 09:49 - 2013-07-01 09:48 - 37108698 _____ C:\Users\Alexander\Downloads\pdfsam-v2_2_2.zip
2013-06-28 16:30 - 2010-09-27 13:10 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2013-06-27 10:24 - 2013-05-07 12:13 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-25 13:06 - 2013-06-25 13:07 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-25 13:06 - 2013-06-25 13:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 13:06 - 2013-06-25 13:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 13:06 - 2012-06-16 17:38 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-25 13:06 - 2011-06-17 13:09 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-19 14:09 - 2013-06-19 14:09 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\Alexander\Downloads\JPEGtoPDF37.exe
2013-06-18 18:43 - 2013-04-20 12:50 - 00014764 _____ C:\Users\Alexander\Documents\Inseratsaufrufe 118i.xlsx

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 13:28

==================== End Of Log ============================

--- --- ---

cosinus · 18.07.2013, 21:23

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Alexander\AppData\Roaming\shimengj.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

benzenopi · 18.07.2013, 21:30

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Alexander at 2013-07-18 22:29:06 Run:2
Running from C:\Users\Alexander\Desktop
Boot Mode: Normal
==============================================

C:\Users\Alexander\AppData\Roaming\shimengj.dll => Moved successfully.

==== End of Fixlog ====

cosinus · 18.07.2013, 21:35

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

benzenopi · 19.07.2013, 18:10

Da der MBAM-Vollscan auch keine Funde gemeldet hat, belasse ich es jetzt mal dabei.

Wie schon gesagt noch einmal vielen Dank für die Hilfe! Toll, dass es so ein Forum gibt und großen Respekt für eure Arbeit!!

mbam-Log (zur Info)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Alexander :: ALEXANDER-PC [Administrator]

19.07.2013 14:37:15
mbam-log-2013-07-19 (14-37-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 606648
Laufzeit: 2 Stunde(n), 16 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)