Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner 2.07

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 07.08.2012, 12:22   #1
R3BEL
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



Hallo liebes Trojaner-Board Team,

mein Arbeitslaptop hat sich den wunderbaren GVU Trojaner 2.07 ( Webcam-Version) eingefangen.
Ich weiß OS plattmachen und neuaufsetzten ist das einfachste bei so einem Trojaner allerdings sind wichtige Datein auf meinem System weshalb ich auf euch zurückgreifen möchte.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 7/30/2012 10:20:23 PM - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Pia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.34% Memory free
7.71 Gb Paging File | 6.03 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 178.45 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
Drive D: | 345.07 Gb Total Space | 209.88 Gb Free Space | 60.82% Space Free | Partition Type: NTFS
Drive F: | 1.97 Gb Total Space | 1.69 Gb Free Space | 85.80% Space Free | Partition Type: FAT
 
Computer Name: PIA15 | User Name: Pia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/30 20:57:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pia\Desktop\OTL.exe
PRC - [2012/03/04 15:43:47 | 001,693,120 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/07/11 14:09:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/05 10:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/28 14:02:47 | 000,276,392 | ---- | M] () -- C:\Users\Pia\AppData\Local\Temp\g7i0ol_kaz.exe
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/08 10:08:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/11 14:09:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/14 22:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/11 14:09:54 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/11 14:09:54 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/14 20:44:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 06:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/22 04:51:46 | 003,062,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/05 03:00:19 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110807.002\EX64.SYS -- (NAVEX15)
DRV - [2011/08/05 03:00:19 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110807.002\ENG64.SYS -- (NAVENG)
DRV - [2011/07/28 03:33:48 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/28 03:33:48 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/23 02:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/07/08 16:35:42 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110805.030\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/25 14:57:46 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/home.php?ref=hp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchcore.net/426
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/10/02 18:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_10_1 [2012/07/30 22:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/08 10:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles/jhel0iwz.default\extensions\specialsavings@superfish.com [2012/04/26 19:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/08 10:08:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/26 19:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pia\AppData\Roaming\mozilla\Extensions
[2012/05/02 19:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\jhel0iwz.default\extensions
[2012/04/26 19:41:19 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\jhel0iwz.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2012/04/26 19:41:04 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Pia\AppData\Roaming\mozilla\Firefox\Profiles\jhel0iwz.default\extensions\specialsavings@superfish.com
[2012/04/26 19:41:15 | 000,002,525 | ---- | M] () -- C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\jhel0iwz.default\searchplugins\Search_Results.xml
[2012/05/06 08:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/29 20:11:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/08 10:08:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/08 10:08:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/08 10:08:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/08 10:08:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/08 10:08:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/26 19:41:15 | 000,002,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/08 10:08:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/08 10:08:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchcore.net/426
CHR - Extension: No name found = C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: No name found = C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Discordia , LTD)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Discordia , LTD)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Pia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F140D16-DABE-4812-A8D8-45818BDF77BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C0B94-38B3-412C-87B5-05FAB074023D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/30 22:19:52 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Pia\Desktop\OTL.exe
[2012/07/11 13:54:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 13:54:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 13:54:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 13:54:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 13:54:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 13:54:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 13:54:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 13:54:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 13:54:09 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 13:54:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 13:54:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 13:54:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 13:54:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/11 13:12:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 13:12:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 13:12:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 13:12:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/11 13:12:19 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/08 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Pia\Desktop\Pia
[1 C:\Users\Pia\Pictures\Documents\*.tmp files -> C:\Users\Pia\Pictures\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/30 22:19:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:19:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:19:19 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 22:10:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/30 22:10:32 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 21:37:29 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 21:31:20 | 000,659,238 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/07/30 21:31:20 | 000,620,384 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/30 21:31:20 | 000,132,776 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/07/30 21:31:20 | 000,108,566 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/30 21:31:19 | 001,512,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/30 21:00:05 | 000,001,130 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001UA.job
[2012/07/30 20:57:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Pia\Desktop\OTL.exe
[2012/07/30 20:17:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012/07/30 20:11:13 | 000,001,108 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001Core.job
[2012/07/28 14:02:48 | 000,001,881 | ---- | M] () -- C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/12 02:15:17 | 000,352,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Pia\Pictures\Documents\*.tmp files -> C:\Users\Pia\Pictures\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/28 14:02:48 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012/07/28 14:02:48 | 000,001,881 | ---- | C] () -- C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/05/03 22:30:12 | 000,000,429 | ---- | C] () -- C:\Users\Pia\.picasa.ini
[2012/01/17 21:18:13 | 000,186,520 | ---- | C] () -- C:\windows\hpoins21.dat
[2012/01/17 21:18:13 | 000,007,262 | ---- | C] () -- C:\windows\hpomdl21.dat
[2011/05/11 15:14:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/06 15:11:43 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/17 20:53:19 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/08/17 06:09:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/08/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/08/17 05:12:01 | 000,002,076 | ---- | C] () -- C:\windows\HotFixList.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2430E4FC

< End of report >
         

OTL-Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 7/30/2012 10:20:23 PM - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Pia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.34% Memory free
7.71 Gb Paging File | 6.03 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 178.45 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
Drive D: | 345.07 Gb Total Space | 209.88 Gb Free Space | 60.82% Space Free | Partition Type: NTFS
Drive F: | 1.97 Gb Total Space | 1.69 Gb Free Space | 85.80% Space Free | Partition Type: FAT
 
Computer Name: PIA15 | User Name: Pia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FEFD41-E3A2-41BE-BA3D-6EA18F6BBA44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{117756C8-93D0-4EEE-91EB-4E5C3F5C10C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25E48ABC-ADF1-468C-BF67-AA98265EFDC2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{32167BF6-5DA8-4DB6-AF0C-4480A9CBD06E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3AFDC12E-08C2-46F2-92AB-681874CFF171}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D0379C7-753D-44E7-B3B5-BE2DB58F5A03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E269C95-2CE2-4C7B-B3BD-65FC60FFC9BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{468EF2AE-9068-46C9-9819-BC9FE79EB3B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6797F42E-DCDF-4C01-B818-56995850DDD6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72F76CE0-CD73-453D-9D52-406B7D32D0F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{730B5970-E9D7-4A54-886B-F02F7A8DD125}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76E959FA-64D7-4DE1-9369-8BDDBBB27FAF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E61B9DF-E075-4BDB-AE4A-0A4C8538DB83}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8461487B-48F1-49A2-A95A-E7CDA9090044}" = rport=139 | protocol=6 | dir=out | app=system | 
"{89D85FAD-BB11-46A5-93FB-CBB6C7CD394B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A3002B1C-E61D-4FFB-8764-A8C74DFF3737}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C00617B0-C86D-4829-8E7C-8445C1D86D9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D1985213-1BA6-4B16-A334-721305FEDD49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8229F09-BD98-497E-BA90-52AF02F8EA5B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6A1A805-D84A-460D-BE2D-39D780676932}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EB81A88A-E0B3-42B1-BBE2-4F4A838A12EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC8C7348-D6C8-496E-808B-DDB78BE5778A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2AF3E62-E7C8-4D8F-923B-16D308E0D6D2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FB81BDFE-3EED-401F-B3C2-FF9B58460FF9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FBA0A765-9A2E-4D4E-8044-9D0CE2B475FC}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EB6AC1-FB68-4E6F-9B74-32C054A087D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0C67475B-5708-4211-9351-F41DBEA8C9F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{1621D560-279D-4555-BA70-98D1031B9D13}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{17686B0E-EF3D-418B-9764-77C1012DEEC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AFA47B0-63AE-4C13-9D5E-419AC7E9A567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CA030DD-F1ED-4435-93B2-759AEDD5BD2D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FAE7767-F080-4CED-95ED-71182928195C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{487B8B08-963A-4739-8A1D-59CBBCCC2469}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49272ABC-09D6-47C6-A122-A4C67683B422}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FFF22BF-60DD-45D0-8038-FEF51F0D6128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5139E8EB-7191-4347-B55A-2DD6106FF516}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5168D5FF-12A5-4DC9-940F-8398897D88E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61AFE7BB-0DFC-4EDF-9491-3C4EE22392D0}" = protocol=17 | dir=in | app=c:\program files (x86)\searchcore toolbar\datamngr\toolbar\dtuser.exe | 
"{64511B25-A530-4F0A-A98E-3B945EE89331}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{6D645697-7364-4327-BEFD-959784484975}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D71CA3E-CED4-4EF0-9121-82642199EC74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E413230-3B9A-4B14-9F67-A3948D091B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7362871B-082E-4DB9-9E59-CF9199BED7CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AA392A6-B460-49E4-B41C-88B34F53A1BF}" = protocol=6 | dir=out | app=system | 
"{7BFBC99A-5117-4D6E-976B-1E477EF444B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{962F8A56-7E51-44B1-A1EF-22A6DE1DED65}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{96607D5C-4C53-4371-9CBB-75DEC8583A14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A09D20D8-6991-4AAF-B9F4-FA2975DC0F80}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{A715D113-6701-4061-A476-C538E73E27AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{AA2CF3E3-11DA-4C7C-858E-BF221408D70E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B106008B-F0B2-4F22-8F42-32424626E9F8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B53B9B40-BE6B-46C1-8282-84AFF0D732F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E454DD8A-F0AE-4A49-BC09-7C3EC72C55A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E5D18CF6-9AF9-4B2A-984A-7A9E55AF4578}" = dir=in | app=c:\users\pia\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F18EB141-1E38-465D-A07E-FF60DF00FC90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F63F2334-845B-44DE-A63D-C9B7600F8425}" = protocol=6 | dir=in | app=c:\program files (x86)\searchcore toolbar\datamngr\toolbar\dtuser.exe | 
"{F96DB9C1-0DBB-4A95-A8FD-A4E6A6074103}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD931E78-FE97-4E34-B164-A6BE45535F3E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"TCP Query User{ABB96FDA-E84A-470C-B6A9-8B2EF3CDF6EC}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"TCP Query User{E69705F6-1E22-45FE-87C6-721C3C3712F8}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"UDP Query User{B06428F2-EFAA-45CE-A918-FB492B174D55}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"UDP Query User{B77D206D-5823-462D-9E18-8921EBCE576B}C:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{3850334B-82B7-4875-BEFD-CB91F2527565}" = 64 Bit HP CIO Components Installer
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{42B49E02-8422-4B41-BABA-2B282E997462}" = Moorhuhn Kart 3 Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}" = Easy Network Manager
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Updater Service" = Updater Service
"Windows Searchcore Toolbar" = Searchcore Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/7/2012 8:34:07 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 7/7/2012 8:34:07 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 7/7/2012 8:34:37 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 7/7/2012 8:34:37 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 7/7/2012 2:12:51 PM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 7/7/2012 2:12:51 PM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 7/12/2012 10:34:07 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 7/12/2012 10:34:07 AM | Computer Name = Pia15 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 7/12/2012 10:34:43 AM | Computer Name = Pia15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_HPSLPSVC, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000005300530043
ID
 des fehlerhaften Prozesses: 0xaa0  Startzeit der fehlerhaften Anwendung: 0x01cd5fc3afbf598e
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: b7c66122-cc2e-11e1-a0a6-002454cc0948
 
Error - 7/13/2012 2:54:31 AM | Computer Name = Pia15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_HPSLPSVC, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000005300530043
ID
 des fehlerhaften Prozesses: 0x1b74  Startzeit der fehlerhaften Anwendung: 0x01cd603b7a3fec46
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 982110c8-ccb7-11e1-a0a6-002454cc0948
 
[ Media Center Events ]
Error - 5/2/2012 9:17:03 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 15:17:03 - Fehler beim Herstellen der Internetverbindung.  15:17:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/2/2012 9:17:09 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 15:17:08 - Fehler beim Herstellen der Internetverbindung.  15:17:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 6/6/2012 4:25:28 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 10:25:27 - Fehler beim Herstellen der Internetverbindung.  10:25:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 6/6/2012 4:25:38 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 10:25:33 - Fehler beim Herstellen der Internetverbindung.  10:25:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 6/6/2012 8:02:52 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 14:02:52 - Fehler beim Herstellen der Internetverbindung.  14:02:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 6/6/2012 8:02:59 AM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 14:02:57 - Fehler beim Herstellen der Internetverbindung.  14:02:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/30/2012 3:24:41 PM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 21:24:41 - Fehler beim Herstellen der Internetverbindung.  21:24:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/30/2012 3:24:51 PM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 21:24:46 - Fehler beim Herstellen der Internetverbindung.  21:24:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/30/2012 4:24:58 PM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 22:24:58 - Fehler beim Herstellen der Internetverbindung.  22:24:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/30/2012 4:25:06 PM | Computer Name = Pia15 | Source = MCUpdate | ID = 0
Description = 22:25:03 - Fehler beim Herstellen der Internetverbindung.  22:25:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
 dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%109
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1115
 
Error - 7/30/2012 4:09:57 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1115
 
Error - 7/30/2012 4:12:19 PM | Computer Name = Pia15 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
 
< End of report >
         
Vielen Dank im Vorraus
lg R3BEL

Alt 07.08.2012, 14:47   #2
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - [2012/07/28 14:02:47 | 000,276,392 | ---- | M] () -- C:\Users\Pia\AppData\Local\Temp\g7i0ol_kaz.exe 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms} 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} 
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Search Results" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "http://www.searchcore.net/426" 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) 
O4 - HKCU..\Run: [Facebook Update] C:\Users\Pia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
[2012/07/28 14:02:48 | 000,001,881 | ---- | M] () -- C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2430E4FC 

[2012/07/30 22:19:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012/07/30 22:19:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012/07/30 22:19:19 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/30 21:37:29 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/30 21:00:05 | 000,001,130 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001UA.job 
[2012/07/30 20:17:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad 
[2012/07/30 20:11:13 | 000,001,108 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001Core.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 08.08.2012, 11:52   #3
R3BEL
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



Hier die Log-File:

Code:
ATTFilter
All processes killed
========== OTL ==========
Releasing module C:\Users\Pia\AppData\Local\Temp\g7i0ol_kaz.exe
C:\Users\Pia\AppData\Local\Temp\g7i0ol_kaz.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchcore.net/426" removed from browser.startup.homepage
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Pia\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
ADS C:\ProgramData\Temp:268F887D deleted successfully.
ADS C:\ProgramData\Temp:2430E4FC deleted successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001UA.job moved successfully.
C:\ProgramData\zak_lo0i7g.pad moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-76830181-1066914796-2057996457-1001Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Pia\Desktop\cmd.bat deleted successfully.
C:\Users\Pia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Pia
->Temp folder emptied: 1241318 bytes
->Temporary Internet Files folder emptied: 10947344 bytes
->Java cache emptied: 536829 bytes
->FireFox cache emptied: 54813795 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 810 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1192670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 2340 bytes
 
Total Files Cleaned = 66.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Pia
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08082012_124435

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll scheduled to be moved on reboot.
File\Folder C:\Users\Pia\AppData\Local\Temp\OICE_80BB1A1D-62A8-4E17-978A-77B87BFA4C16.0\52A94122. not found!
C:\Users\Pia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Pia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\windows\temp\TMP000000110ED40950370B1A59 moved successfully.

PendingFileRenameOperations files...
[2012/06/07 14:46:24 | 000,436,192 | R--- | M] (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll : MD5=3656CEB53172661E261C95EC71944FB4
File C:\Users\Pia\AppData\Local\Temp\OICE_80BB1A1D-62A8-4E17-978A-77B87BFA4C16.0\52A94122. not found!
File C:\Users\Pia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Pia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Pia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
File C:\windows\temp\TMP000000110ED40950370B1A59 not found!

Registry entries deleted on Reboot...
         
Lg
R3BEL
__________________

Alt 08.08.2012, 15:13   #4
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 08.08.2012, 18:07   #5
R3BEL
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



mhm nachdem ich den OTL Fix benutzt haben wurde der Windowskey deaktiviert und der Code auf der Rückseite meines Laptops wird als ungültig gelistet. Was soll ich dagegen unternehmen ?

Malware fand zwei Viren. Diese haben ich auch entfernt durch das Programm.

Hier der adwlog:

Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 18:59:45
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pia - PIA15
# Running from : C:\Users\Pia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\IBUpdaterService
File Found : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\jhel0iwz.default\searchplugins\Search_Results.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AF6AC4F2-9825-4FB6-A600-92BC5361F209}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchcore.net/426

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Pia\AppData\Roaming\Mozilla\Firefox\Profiles\jhel0iwz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :         "name" : "Search Results",
Found :         "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=161111&systemid=426&sr=0&q={s[...]
Found :     "homepage" : "hxxp://www.searchcore.net/426",

*************************

AdwCleaner[R1].txt - [2718 octets] - [08/08/2012 18:59:45]

########## EOF - C:\AdwCleaner[R1].txt - [2846 octets] ##########
         


Alt 08.08.2012, 19:21   #6
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



Zitat:
Zitat von R3BEL Beitrag anzeigen
mhm nachdem ich den OTL Fix benutzt haben wurde der Windowskey deaktiviert und der Code auf der Rückseite meines Laptops wird als ungültig gelistet.
Wer sagt das?
Mache eine telefonische Aktivierung



Zitat:
Malware fand zwei Viren. Diese haben ich auch entfernt durch das Programm.
Wo ist das Log?
(Reiter Scan-Berichte)
__________________
--> GVU Trojaner 2.07

Alt 24.08.2012, 02:39   #7
t'john
/// Helfer-Team
 
GVU Trojaner 2.07 - Standard

GVU Trojaner 2.07



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner 2.07
antivir, audacity, autorun, avira, bho, bonjour, document, error, firefox, flash player, google, helper, home, install.exe, installation, limited.com/facebook, logfile, mozilla, plug-in, realtek, registry, rundll, scan, searchcore, security, software, superfish.com, svchost.exe, symantec, system, trojaner, trojaner-board, unlock, windows, wsearch



Zum Thema GVU Trojaner 2.07 - Hallo liebes Trojaner-Board Team, mein Arbeitslaptop hat sich den wunderbaren GVU Trojaner 2.07 ( Webcam-Version) eingefangen. Ich weiß OS plattmachen und neuaufsetzten ist das einfachste bei so einem Trojaner allerdings - GVU Trojaner 2.07...
Archiv
Du betrachtest: GVU Trojaner 2.07 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.