
Log analysis and evaluation: 2nd computer after GVU trojan removal: is the system clean now? (log files included)


07.07.2012, 15:17   #1
dk-jule
 



Hey,

here is a second thread, since my boyfriend's computer was also infected with the GVU trojan.
It is the webcam version of the trojan (i.e. a webcam image of whoever is sitting in front of the laptop appears at the top right of the GVU screen... the computer's webcam switched on automatically and showed me with a great facial expression..)

Computer:
Win 7 64-bit version

Is the computer clean now?
Removal with Kaspersky Rescue Disk 10 did not work.
I reset the computer to the last system restore point via 'Safe Mode with Command Prompt'.

Best regards and many thanks in advance,
Julia


Attached are the log files:
OTL / Extras
Malwarebytes scan (Quick Scan)
CCleaner (list of installed programs)

OTL.txt
Code:
OTL logfile created on: 07.07.2012 15:49:54 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,03% Memory free
7,73 Gb Paging File | 5,34 Gb Available in Paging File | 69,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 474,62 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 1,95 Gb Free Space | 26,14% Space Free | Partition Type: FAT32
 
Computer Name: SLOWY-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\SynTPEnhPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 6E E5 3E D1 3F CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BBC9A74-B28E-4005-B3AF-F2D477619A8C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693F8FD7-10A0-4C49-AF3B-0C3A7DACDBFF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell - "" = AutoRun
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.07 15:49:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.07 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.07.07 15:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.07 15:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.07 15:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 15:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.07 15:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.07 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7}
[2012.07.07 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B}
[2012.07.07 15:24:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.07 12:25:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.06 09:02:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BD658276-142E-484F-A398-E8C5188B962E}
[2012.07.06 09:02:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{865127F8-C981-47F8-A24E-0D9FC3E197F9}
[2012.07.05 10:34:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D5A3D1B2-7827-4597-BE49-11C346BB240B}
[2012.07.05 10:34:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9D8BC2F7-6850-4272-A77C-5496FB95998C}
[2012.07.04 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A520C90F-833B-4938-BE2C-5DD8307E92B5}
[2012.07.04 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F8BBA10-4E6D-4973-8ED9-C38E8EAD6122}
[2012.07.03 22:00:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{25472629-CDB2-498D-BC22-8A468897252C}
[2012.07.03 22:00:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0DCF4FB-3A62-4325-8E1F-325F47F1DD8F}
[2012.07.03 10:25:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2012.07.03 10:25:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.03 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.03 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.03 10:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.03 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AEAB6F4D-68F0-400B-B006-61F499F48ADD}
[2012.07.03 08:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E20E0B88-963F-4109-A719-EFDBF7D564D8}
[2012.07.02 07:20:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{71D9A49F-4963-49F3-A66F-4DB42FD772ED}
[2012.07.02 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E663E06E-2A63-4EC3-9ABF-31FF1D5B4DD9}
[2012.07.01 12:45:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BDD86BAB-13D3-4A09-A7EA-2ED2DF6756D9}
[2012.07.01 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8BCADFC1-A24C-4CA7-8CF6-74478859557F}
[2012.06.30 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F32F56F-ED59-4A0A-902F-CF04AA27D8B3}
[2012.06.30 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5A0C917D-1371-4F2C-98C9-692FB628300E}
[2012.06.30 08:52:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{49F7F8ED-006D-4578-950B-E99F36D7FC08}
[2012.06.30 08:52:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA4D338A-565C-46D5-89D8-0346C4F2FF9F}
[2012.06.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5E0D07A8-710A-417C-A449-1A3DAD0C0DCB}
[2012.06.29 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A82E456A-1EC4-4F37-892A-05C473CADD07}
[2012.06.28 23:32:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BDFF3426-26C9-41F0-A8BF-ECC57F8DEA6A}
[2012.06.28 23:31:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F80A2AD-C649-4F06-8689-0D3DDEB85FC7}
[2012.06.28 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D8035D53-EB6B-4D05-ABC0-FD2FD553A136}
[2012.06.28 11:31:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AAFE1ECA-AF5B-4CA8-8EAB-A70242BDBCF8}
[2012.06.27 11:13:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5FF2287D-10D0-492A-B0CD-A55073DC8FCB}
[2012.06.27 11:13:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27F79668-4BA2-4BC9-B588-A4D9101217AA}
[2012.06.25 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99ACA8E4-8ED9-45C0-AD22-CDD1F4B0A4A2}
[2012.06.25 10:52:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E05AD055-6C07-42A4-9668-672511EC25CC}
[2012.06.24 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C358A6F-9CB3-41A1-87CC-B0E26312C7F8}
[2012.06.24 20:19:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ED604B5C-55A4-4696-873A-0409AE7B85B0}
[2012.06.24 08:18:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2C1B0AF-7719-45B9-BDF8-067879A8A1AB}
[2012.06.24 08:18:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{76896CF5-ECA3-4C06-A75B-FBE23446BBDB}
[2012.06.23 11:48:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{348CBD21-59D9-41E9-BBEF-FBA38774C81D}
[2012.06.23 11:48:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA1DDF4F-C4C7-4CC6-AB96-BFC7519D6A5A}
[2012.06.23 10:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.06.23 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.23 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\olsztyn
[2012.06.22 23:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2012.06.22 23:47:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EBFA8C02-E603-4441-AEDA-A05CC67486C7}
[2012.06.22 23:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D00AB6B6-271B-4621-9B3A-1933A0CF4F11}
[2012.06.22 11:01:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F26B8B4-82B7-4B83-AD24-E95CF99EFFE7}
[2012.06.22 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4028A972-6237-4BD8-9336-6D24C9B88DA1}
[2012.06.21 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28819102-577D-454B-9A64-BF2340E6010A}
[2012.06.21 22:56:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{98C8FFB8-81C8-4982-8F42-C6FAC9C229DA}
[2012.06.21 12:31:47 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.21 12:29:48 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.06.21 12:25:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{060C4CC9-0215-430B-88F3-EDEE0921356E}
[2012.06.21 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0D112525-2541-46C2-B69A-C7B7D4DE81E5}
[2012.06.21 09:42:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F02CD3E8-5BEF-4090-A2E3-201611BAAAB5}
[2012.06.21 09:42:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47326FE9-A6FC-43DE-88FC-C450E30990E8}
[2012.06.21 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AE7556BA-4132-4605-90FD-B5CF82ABFB8D}
[2012.06.21 08:40:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{60CD9344-08F7-421A-A957-E125AB70E218}
[2012.06.20 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{06D6EB4D-BDAC-456D-B1D6-4A10A280F63F}
[2012.06.20 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{435AA412-2369-4A01-9432-D2E11627DD86}
[2012.06.20 15:19:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B99E259B-75FE-4B1C-9F8A-E56244552575}
[2012.06.20 15:19:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{34AC5A90-7F4E-49DE-A55D-16EDD3140A6C}
[2012.06.20 13:48:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6DD76D90-DCC2-49E4-80FF-6B3D3FF13809}
[2012.06.20 13:48:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F3D6DA0F-26AB-474C-AECD-A2CA41C69D04}
[2012.06.20 10:58:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37B7CF3F-9016-4177-A011-42838556BB02}
[2012.06.20 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A52DD540-196E-497B-B93B-BBDDA8205303}
[2012.06.19 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE11BF7D-98DF-404D-A7F9-4142A9C3A5C6}
[2012.06.19 22:37:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B31E87B0-087D-4326-B87F-19CBB9F72A6D}
[2012.06.19 14:45:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79EDE67B-02B5-4E3E-B4B4-F3F6C58F1CD9}
[2012.06.19 14:44:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4CAE7961-448E-44A1-8EDE-38427C4ED3BE}
[2012.06.19 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A6E426D5-9E73-498A-A989-4478AD55D9A1}
[2012.06.19 12:55:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37E50F05-35CD-474B-8167-4E63189264BC}
[2012.06.19 09:43:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 09:43:57 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 09:43:57 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 09:43:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 09:43:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 09:43:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 09:43:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 09:43:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 09:40:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3D27DB1-833B-4F78-BC06-912466737C4E}
[2012.06.19 09:40:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDD9F5EF-BBF5-4070-AF65-98C2D5E91E24}
[2012.06.17 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B1A0318-672A-44AC-8DAD-58A42287F77D}
[2012.06.16 20:40:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\irish
[2012.06.16 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4637A8C4-F42C-4CB6-A764-4AF24547E022}
[2012.06.15 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F41EF9F2-DA06-4D7C-BBBA-F0AB4C4F9C7D}
[2012.06.14 17:04:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1D6BA126-B650-4C4F-BCF4-D94114E35E8E}
[2012.06.14 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{419C3EC8-1C7D-46AA-85A4-4BB8375F2A2B}
[2012.06.14 16:44:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF9C6D2D-ED48-47B2-BE9B-C2C96D9536F9}
[2012.06.14 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D715485-1C56-4A4B-8539-1A365947212A}
[2012.06.14 14:24:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E4A029D-97EA-48B5-BC4E-801CA9379174}
[2012.06.14 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7DA252F6-99D5-4ED1-95F9-345424E8AB82}
[2012.06.14 13:42:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F0294073-1162-404E-B300-82D87360A9E6}
[2012.06.14 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{576A2875-BEDC-4BDA-8CAA-B552D41B6124}
[2012.06.14 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BDE1944-6410-4C01-8324-16934AFFE5E2}
[2012.06.14 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC5E3806-4164-486B-8F5A-FDE48BC06501}
[2012.06.13 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DE9776FC-3AE8-46B0-B723-2BB317B3A20D}
[2012.06.13 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F921977-6258-4288-A3DC-F80E9F643549}
[2012.06.13 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5757FCBE-A8F0-4E03-BE72-22B27A1D48AC}
[2012.06.13 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{21189E7C-A3A8-4407-98B5-334A8C1BBB28}
[2012.06.13 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8D3C3400-B99C-4B0B-906B-F95F562E3026}
[2012.06.13 18:34:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61985E19-BFB8-4B70-B72E-65F194AD42FD}
[2012.06.13 14:28:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5831BD6E-F733-45F3-9D4D-8710A9B282C4}
[2012.06.13 14:28:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{443C62F2-8DCF-46FD-93D0-4C0B9F9D4D42}
[2012.06.13 13:03:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{768680F9-5951-4A3A-9EAF-FE1E6EFA6976}
[2012.06.13 13:02:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{208F66E3-4F1E-4C37-B059-94F2963C1A6E}
[2012.06.13 12:01:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 12:01:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 12:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 12:01:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 12:01:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 12:01:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 12:01:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 12:01:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 12:01:17 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 12:01:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 12:01:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 12:01:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 12:01:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 10:01:47 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 10:01:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.13 10:01:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 10:01:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 10:01:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 10:01:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 10:01:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 10:01:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 10:01:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7BAC72B2-0E6A-4569-894D-EF14C87AA762}
[2012.06.13 09:46:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9B148FE7-24A8-4044-A644-401DEA7074DE}
[2012.06.12 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{697ED71B-8157-4F93-9E43-A62002C772D1}
[2012.06.12 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE9A7A2A-9D65-4ED7-A44A-BB52735B4D9E}
[2012.06.12 16:52:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C492A42C-D40B-4587-88BB-EE6D7CEBA2D1}
[2012.06.12 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3623CC06-891B-41D1-9085-7EC79585C1A4}
[2012.06.12 14:34:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6EC76C52-9599-4225-A731-ABACF3B17B9D}
[2012.06.12 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CEB0CB5F-3C83-43D9-AA8E-12A4091B5AF2}
[2012.06.12 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{949B9BB9-1F70-4B0E-81E6-DA702B2BCABD}
[2012.06.12 11:11:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9E04D120-7861-47A3-89B7-D2BB57B7F8E8}
[2012.06.11 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A9486202-9C2D-4D06-BB9A-30E5866A4A60}
[2012.06.11 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6DA0E5D8-7B50-4103-9F66-A204840DE6FD}
[2012.06.11 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE0ADAF2-EBC6-48F7-A856-DF058ECBE79F}
[2012.06.11 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B832F81-A47C-4EF7-A2CA-FB58F0E2B42C}
[2012.06.11 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BB6679C-2BCA-42E1-956F-AE4F0027FE94}
[2012.06.11 11:35:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57F25263-EFDE-4D36-BC20-225DCC8F3471}
[2012.06.11 09:45:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F1421748-1099-4BC0-BB79-18B0D51A31C7}
[2012.06.11 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{012AC4D9-FE4A-4775-BEE9-7B0C1C84614C}
[2012.06.10 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F49014B1-59E8-412A-8107-60776A0FECB2}
[2012.06.10 20:34:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{02CE511A-48DA-4FD1-89DA-55D821E926BD}
[2012.06.10 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8F993571-FFF3-438C-A46F-6E497F99E368}
[2012.06.10 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14268F5A-BCAD-49B1-BA4D-FBBACB83A49B}
[2012.06.10 13:03:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5F1B3F1C-0772-40D8-81D2-C5BB0C90CCAA}
[2012.06.10 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F669104F-B760-407A-83E8-9ACFDE13AFCD}
[2012.06.08 19:58:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{58FB11E2-3653-4663-B983-B409900F2EC5}
[2012.06.08 19:58:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC13C6C5-5924-409C-AB76-3C48785F95EE}
[2012.06.08 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{786339A5-6F75-4FDD-B400-79CC25C946A2}
[2012.06.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E580D5E-DDB5-4385-A9C2-B566D08E477D}
[2012.06.08 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A22479C-DC6F-4538-AB94-10229401FF75}
[2012.06.08 13:21:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3879910E-0A94-49C3-8E65-64CDB5DAB968}
[2012.06.08 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ECE86E08-AE15-4B27-BA19-12EE3E7EE632}
[2012.06.08 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7495338C-43BC-4D8F-AC54-772238BAF96A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.07 15:50:46 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.07 15:50:46 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.07 15:50:46 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.07 15:50:46 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.07 15:50:46 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.07 15:50:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.07 15:48:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.07 15:48:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.07 15:44:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:44:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.07 15:38:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.07 15:37:53 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 15:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.07 15:37:17 | 3113,230,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 15:31:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.07 15:29:26 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2012.07.05 18:44:07 | 000,184,670 | ---- | M] () -- C:\Users\User\Desktop\Bayern_Vermessung.pdf
[2012.07.05 18:43:53 | 000,038,418 | ---- | M] () -- C:\Users\User\Desktop\GISFachkraft.pdf
[2012.07.03 10:33:41 | 000,060,055 | ---- | M] () -- C:\Users\User\Desktop\skype.jpg
[2012.07.03 10:25:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.25 18:33:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.24 08:39:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.24 08:39:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.23 10:09:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.17 17:24:45 | 000,283,767 | ---- | M] () -- C:\Users\User\Desktop\Mahnung.pdf
[2012.06.13 13:01:14 | 000,435,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.07 15:48:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.07 15:48:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.07 15:29:26 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2012.07.06 19:33:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.05 18:44:07 | 000,184,670 | ---- | C] () -- C:\Users\User\Desktop\Bayern_Vermessung.pdf
[2012.07.05 18:43:53 | 000,038,418 | ---- | C] () -- C:\Users\User\Desktop\GISFachkraft.pdf
[2012.07.03 10:34:22 | 000,060,055 | ---- | C] () -- C:\Users\User\Desktop\skype.jpg
[2012.07.03 10:25:23 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.23 10:09:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.17 17:24:44 | 000,283,767 | ---- | C] () -- C:\Users\User\Desktop\Mahnung.pdf
[2012.01.24 17:06:10 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.30 18:15:58 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011.07.14 22:02:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.07 19:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.26 15:39:54 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.02.16 12:16:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.02.16 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
[2012.04.23 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2012.06.16 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2012.06.03 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.11 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2012.02.16 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.03.14 14:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCDr
[2011.09.15 14:59:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SharePod
[2012.03.13 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simfy
[2011.07.14 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Synaptics
[2012.01.26 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Titanium
[2011.12.31 00:58:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tmp
[2011.07.12 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2012.01.24 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2011.09.19 19:27:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Xilisoft
[2012.06.25 18:33:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.03 15:41:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.07 15:50:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 07.07.2012 15:49:54 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,03% Memory free
7,73 Gb Paging File | 5,34 Gb Available in Paging File | 69,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 474,62 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 1,95 Gb Free Space | 26,14% Space Free | Partition Type: FAT32
 
Computer Name: SLOWY-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0647EC19-88CB-4247-B203-231589DC8E2C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{11D827EA-CD66-44AA-A333-C16592950FD6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2EDB247E-438C-41F2-A918-CAFDB630D672}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2EF91754-4ED3-40E3-8D8C-88A637C2AB9F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37A6C23E-1AA6-409A-BD39-1196289B4A5D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3BAF7C5E-EF7F-450C-B0A7-65B565391455}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F281DBF-53EA-4094-8338-2D6797F221AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{459D0368-4340-4C0E-8135-4A99DA357362}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D401CD7-2DC3-48E4-BEF2-24339EC312B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{640552A9-E121-43CC-A3E9-B44295AE97B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74EAAAB4-A91C-4B85-AA15-43DA4F6B13F8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{89AFF692-98D7-4CFE-A05B-909AD825CEB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9297198F-2AFE-4752-9440-237F02DD08EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A2D2D10A-4BB5-4C8C-A126-C77BC6223599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEA03DC9-BCD7-4497-A015-4D0803753760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B368BA1A-28B6-4950-92A4-38DBDE21587C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAD2D0EF-EB85-4BA1-9FA8-F86CAA96FF62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C38C3F17-B0AC-4709-8E40-6C8BC3302D60}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7E47663-98D5-4A3A-9C5E-BC5D1949C1F4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2BC0868-D5C8-4DA3-9E83-53BAD6732699}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2EE3934-629C-412C-B251-698732859D7A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8D56E55-E093-4CFF-AC07-8351F5E3CCCC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E251ABD1-F97A-4300-8F3B-66756C93BA37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7D6A3A1-5503-4BDE-9D94-B858DA1BC302}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F151FBFB-5509-4982-9209-A7F9E2EC86D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FD899067-DC71-4A1C-8572-6DB3E3012736}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0193DA55-622D-4035-AD4A-70DAC1F829F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{0E0C4097-C48B-4C13-A203-8F71DF20317D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F8C9164-8A2C-4EB4-AD1B-C0E1D2F7D11A}" = protocol=6 | dir=out | app=system | 
"{19321F1E-B7BE-4E9B-8395-8AE9732A065C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A634BC9-3CE2-49A9-AD7F-1BEA39B60472}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1ACAADAF-0D7B-45F7-8F6F-2C9EE805F9DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{202F6B99-D032-4991-8CE1-0C22E0AC58B0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{285C38C8-8D20-4F89-8321-1B7F161996D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{34438BF1-9C5E-4549-8FC9-7D4510F440A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C0F453A-7225-4A0C-A143-532BA9A6EE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4326D249-0060-4EBE-B709-C94C042C77AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{478C299D-107E-408C-B8D1-6DDCC32B39C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4F395A2B-5149-4A63-9D30-802BC8FF9186}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{51E6E308-1AB5-48B6-A183-F830D919ECE8}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{53897C8C-8DFF-4D63-A930-3C4E59E158C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59E8592F-802E-4B41-A0DD-6A5F6605F129}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{73951D19-8AE2-4AFA-A4D1-4C26E6B0F5D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{83B5B402-C8EA-4E21-8DA3-D243C5617008}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{857BE93B-4930-4CD7-B108-9C6BAE92E41D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{87F62BC3-7F42-4FF8-89A1-672379272687}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8839573A-283C-4834-9A68-D70FE5BF2203}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8F140529-5D2B-4FAD-95C4-6DC1D27F85A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{95339CD1-932A-48E8-96F3-AF1C3598EC5D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{987FFCA1-3B16-4E56-827B-B26183CFA61B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{996C8736-EA93-4FF8-870A-D07D2568A5A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A3E86297-85DE-43B1-9F99-63B7378570B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A5E2EF4C-0823-4BD7-B096-EA2C0CB098BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE22F492-4BEF-4AF1-9162-1DE683D768FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C391F9B4-3BFF-4C11-8E16-90041CD5D8DF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C454C70A-228C-4F22-9584-70F9CA252F46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D04E6BD9-48D9-4FBF-8389-D5A0DE15BF12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0F8B3ED-9350-4FA6-B55B-8C90C512C01E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D3232226-DCE0-4F05-A94A-8477A7976131}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{D72659A5-B6AB-4548-9092-01DDE9E5A98C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFD174D6-FE3C-4B27-BFC1-20716F28E297}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FB14D546-B61A-4D15-A5CC-F461A7865AD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5D219FA2-27D9-4B2D-9479-E40780A86954}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8A45E2F9-76DC-4C6F-BECA-25122DBC3964}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | 
"TCP Query User{AF045C69-43A0-49EE-9AC2-AEC30B3FFD67}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F51027AE-5D8B-438D-A1D2-7E3A3E556F14}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{FFB01EE7-1B59-4640-9AF3-A947F2CB66C7}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{520C02FD-3C5A-4545-BEB8-38DADBF0E5CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{65DC2CF6-142C-4FC3-AD9F-7A3B817D415C}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe | 
"UDP Query User{AF0E4CB4-C7F7-49DE-96C0-F33A453263F1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{EB1FDCE0-F706-49C3-8F67-8E65708A6849}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F3720A5D-DA26-4B3D-86D2-841620180529}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{302188C7-ADCF-4328-8E2E-FE9DCC2F40BD}" = Hauppauge TV Tuner Driver
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B834524D-C302-F626-87D6-5E7352FBE502}" = simfy
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Dock" = Dell Dock
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Central" = Dell Webcam Central
"Dell Webcam Manager" = Dell Webcam Manager
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Free Studio_is1" = Free Studio version 5.1.5
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Hauppauge TV Tuner Diagnostics" = Hauppauge TV Tuner Diagnostics (1.2.7076)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"PS3 Media Server" = PS3 Media Server
"Simfy" = simfy
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"SP-Downloader" = SP-Downloader
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2012 11:26:25 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
 
Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121
 
Error - 06.07.2012 11:26:26 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121
 
Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3135
 
Error - 06.07.2012 11:26:27 | Computer Name = Slowy-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3135
 
Error - 06.07.2012 12:48:43 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1548    Startzeit: 01cd5b5918910626    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\internet explorer\iexplore.exe    Berichts-ID:   
 
Error - 06.07.2012 12:50:27 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 180c    Startzeit: 01cd5b9738347102    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\internet explorer\iexplore.exe    Berichts-ID:   
 
Error - 06.07.2012 12:51:46 | Computer Name = Slowy-Laptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1b60    Startzeit: 01cd5b9772031be2    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
[ System Events ]
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.07.2012 09:32:38 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt  Wanarpv6
WfpLwf
 
Error - 07.07.2012 09:34:00 | Computer Name = Slowy-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 07.07.2012 09:37:26 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%305.
 
Error - 07.07.2012 09:37:27 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%303.
 
Error - 07.07.2012 09:47:52 | Computer Name = Slowy-Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%303.
 
 
< End of report >
         

Malwarebytes (Quick Scan)

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: SLOWY-LAPTOP [Administrator]

Schutz: Aktiviert

07.07.2012 15:50:45
mbam-log-2012-07-07 (15-50-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198120
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

CCleaner (list of installed programs)

Code:
Adobe AIR	Adobe Systems Incorporated	13.03.2012		3.1.0.4880
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.06.2012	6,00MB	11.3.300.257
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.06.2012	6,00MB	11.3.300.262
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated	12.07.2011	118MB	10.1.0
Advanced Audio FX Engine	Creative Technology Ltd	14.03.2012		1.12.05
Advanced Video FX Engine		14.03.2012		
Apple Application Support	Apple Inc.	23.06.2012	61,0MB	2.1.9
Apple Mobile Device Support	Apple Inc.	23.06.2012	24,5MB	5.2.0.6
Apple Software Update	Apple Inc.	23.01.2012	2,38MB	2.1.3.127
ATI Catalyst Install Manager	ATI Technologies, Inc.	14.03.2012	22,3MB	3.0.778.0
Avira Free Antivirus	Avira	09.05.2012	104MB	12.0.0.1125
Bonjour	Apple Inc.	23.01.2012	2,04MB	3.0.0.10
CCleaner	Piriform	22.06.2012		3.20
Cisco EAP-FAST Module	Cisco Systems, Inc.	14.03.2012	1,55MB	2.2.14
Cisco LEAP Module	Cisco Systems, Inc.	14.03.2012	644KB	1.0.19
Cisco PEAP Module	Cisco Systems, Inc.	14.03.2012	1,23MB	1.1.6
DAEMON Tools Lite	DT Soft Ltd	16.02.2012		4.45.3.0297
Dell Digital Delivery	Dell Products, LP	22.06.2012	2,41MB	2.2.2000.0
Dell Dock	Stardock Corporation	11.07.2011		2.0
Dell Dock				
Dell Driver Download Manager	Dell Inc	14.03.2012		3.0.0.0
Dell Resource CD	Ihr Firmenname	13.03.2012	1,92MB	1.00.0000
Dell Support Center	Dell Inc.	14.03.2012	128MB	3.1.5907.23
Dell Webcam Center		14.03.2012		
Dell Webcam Central	Creative Technology Ltd	14.03.2012		1.40.05
Dell Webcam Manager		14.03.2012		
DVDFab 8.1.1.2 (08/08/2011) Qt	Fengtao Software Inc.	08.09.2011	49,4MB	
DW WLAN Card Utility	Dell Inc.			5.60.48.35
Fifa 12 (c) Electronic Arts version 1		16.02.2012		1
Free Audio CD to MP3 Converter version 1.3.12.908	DVDVideoSoft Ltd.	24.01.2012	50,8MB	
Free Studio version 5.1.5	DVDVideoSoft Limited.	08.08.2011	329MB	
Free YouTube Download version 3.1.27.508	DVDVideoSoft Ltd.	03.06.2012	82,1MB	3.1.27.508
Free YouTube to MP3 Converter version 3.11.24.608	DVDVideoSoft Ltd.	16.06.2012	90,1MB	3.11.24.608
Google Earth Plug-in	Google	16.11.2011	40,8MB	6.1.0.5001
Hauppauge TV Tuner Diagnostics (1.2.7076)	Hauppauge Computer Works, Inc.	14.03.2012		1.2.7076
iCloud	Apple Inc.	15.03.2012	33,2MB	1.1.0.40
IDT Audio	IDT	14.03.2012		1.0.6289.0
Image Resizer Powertoy Clone for Windows (64 bit)	Brice Lambson	31.07.2011	303KB	2.1.1
Intel(R) Control Center	Intel Corporation			1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation			6.0.0.1179
Intel(R) PROSet/Wireless WiFi-Software	Intel Corporation	14.03.2012	138MB	13.02.0000
Intel(R) Rapid Storage Technology	Intel Corporation			9.6.4.1002
iTunes	Apple Inc.	23.06.2012	182MB	10.6.3.25
Java(TM) 6 Update 31	Oracle	04.03.2012	95,1MB	6.0.310
Java(TM) 7 Update 1 (64-bit)	Oracle	22.11.2011	93,3MB	7.0.10
Live! Cam Avatar	Creative Technology Ltd.	14.03.2012		1.0
Live! Cam Avatar Creator	Creative Technology Ltd.	14.03.2012		4.6.0817.1
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	07.07.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	15.07.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.01.2012	2,93MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	24.01.2012	51,9MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	24.01.2012	10,6MB	4.0.30319
Microsoft Office Outlook Connector	Microsoft Corporation	24.01.2012	3,38MB	14.0.6106.5001
Microsoft Office Professional Plus 2010	Microsoft Corporation	25.01.2012		14.0.6029.1000
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit	Microsoft Corporation	21.06.2012	1,38MB	14.0.5120.5000
Microsoft Silverlight	Microsoft Corporation	09.05.2012	100MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.07.2011	1,69MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.09.2011	2,69MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.03.2012	572KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	14.03.2012	252KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	11.07.2011	784KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	12.07.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	19.09.2011	1,42MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	11.07.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	12.07.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	17.02.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	01.11.2011	12,2MB	10.0.40219
Modem Diagnostic Tool	Dell	14.03.2012	1,22MB	1.0.28.0
No23 Recorder	No23	13.03.2012	3,18MB	2.1.0.3
OpenOffice.org 3.3	OpenOffice.org	11.07.2011	414MB	3.3.9567
pdfsam		05.05.2012		2.2.1
PS3 Media Server	PS3 Media Server	19.09.2011	142MB	1.40.0
Quickset64	Dell Inc.	27.09.2011	5,70MB	10.5.0
QuickTime	Apple Inc.	15.03.2012	73,2MB	7.71.80.42
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	14.03.2012		6.1.7600.30127
Roxio Burn	Roxio	14.03.2012	36,1MB	1.01
simfy	simfy GmbH	13.03.2012		1.6.5
Skype™ 5.10	Skype Technologies S.A.	03.07.2012	19,4MB	5.10.114
SP-Downloader		19.09.2011		
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe	Synaptics Inc.	14.07.2011	14,0MB	1.6.5.17120
Synaptics Pointing Device Driver	Synaptics Incorporated	14.07.2011	46,4MB	15.2.20.0
Veoh Web Player	Veoh Networks, Inc.	25.11.2011		1.1.2.0000
VirtualDJ Home FREE	Atomix Productions	28.12.2011	48,3MB	7.0.5
VLC media player 1.1.10	VideoLAN	11.07.2011		1.1.10
WIDCOMM Bluetooth Software	Broadcom Corporation	14.03.2012	144MB	6.2.1.1100
Winamp	Nullsoft, Inc	11.07.2011		5.62 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	11.07.2011	63,0KB	1.0.0.1
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)	Broadcom Corporation	14.03.2012		03/24/2010 6.3.0.2501
Windows Live Essentials	Microsoft Corporation	21.06.2012		15.4.3555.0308
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	11.07.2011	5,57MB	15.4.5722.2
WinRAR 4.01 (32-Bit)	win.rar GmbH	25.09.2011		4.01.0
Wunderlist	None provided	26.01.2012	42,3MB	1.2.4
         

11.07.2012, 18:25   #2
t'john
/// Helper Team
 

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (not anywhere else).

  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:

Code:
:OTL
MOD - C:\Windows\SysWOW64\SynTPEnhPS.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {9BBC9A74-B28E-4005-B3AF-F2D477619A8C} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () 
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell - "" = AutoRun 
O33 - MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\Shell\AutoRun\command - "" = E:\setup.exe 
[2012.07.07 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7} 
[2012.07.07 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B} 
[2012.07.07 15:38:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.07 15:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.07 15:37:53 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.07 15:31:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
[2012.07.06 19:33:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad 
 
:Files
E:\setup.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\go_0molg.pad
 
:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the logfile into your thread here, inside code tags.
    You can view the logfile afterwards here => C:\_OTL\MovedFiles\
Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

13.07.2012, 18:05   #3
dk-jule
 

Hey, thanks for your effort. The logfile is attached.

Best regards,
Jule


Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BBC9A74-B28E-4005-B3AF-F2D477619A8C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
File C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0476f03-5868-11e1-a422-f04da29b1743}\ not found.
File E:\setup.exe not found.
C:\Users\User\AppData\Local\{16823E8C-A078-4C66-8943-AD21FB8449C7} folder moved successfully.
C:\Users\User\AppData\Local\{C989013F-95AA-4EFA-8AE1-EDAA5ACD851B} folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
File C:\ProgramData\go_0molg.pad not found.
========== FILES ==========
File\Folder E:\setup.exe not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder C:\ProgramData\go_0molg.pad not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 895840049 bytes
->Temporary Internet Files folder emptied: 942355701 bytes
->Java cache emptied: 759202 bytes
->Flash cache emptied: 264513 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 379056799 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 639 bytes
RecycleBin emptied: 253345737 bytes
 
Total Files Cleaned = 2.357,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: User
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 07132012_185128

Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Local\Temp\OICE_B307F93D-8F6F-4ABA-BE65-6ED4787F44C5.0\C4936DB6. not found!
File\Folder C:\Users\User\AppData\Local\Temp\OICE_6C5B9F5A-97A6-48B2-ABED-F00B61493B82.0\B76659A5. not found!
File\Folder C:\Users\User\AppData\Local\Temp\OICE_5C7C0E55-A485-4A08-A0EE-E49E327BEC0B.0\E6362D4F. not found!
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
__________________
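
A triage pass over the OTL fix log posted above, as an added example that is not part of the original thread and not OTL's own code. It separates targets that were removed, targets reported "not found" only because an earlier line had already moved them, targets that were absent before the fix ran, and commands OTL reported it could not interpret; the function names and the selection of log lines (copied from the log above) are choices made for this example.

```python
import re

# Excerpt copied from the OTL fix log posted in the thread (selection only).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
File E:\setup.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
File C:\ProgramData\go_0molg.pad not found.
========== FILES ==========
File\Folder E:\setup.exe not found.
File\Folder C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\ProgramData\go_0molg.pad not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
ERROR = re.compile(
    r"^Error: Unable to interpret <(?P<cmd>.+)> in the current context!$"
)
OUTCOME = re.compile(
    r"^(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)[.!]$"
)
# Descriptive prefixes OTL puts in front of the actual path or key.
PREFIX = re.compile(r"^(?:64bit-)?(?:Registry (?:key|value)|File\\Folder|File) ")


def normalise(target):
    """Reduce a log target to a comparable key (Windows paths ignore case)."""
    target = PREFIX.sub("", target)
    if target.endswith(" folder"):
        target = target[: -len(" folder")]
    return target.rstrip("\\").lower()


def triage(log_text):
    """Classify the lines of an OTL fix log.

    removed              target was moved or deleted by the fix
    redundant_not_found  'not found', but an earlier line already removed it
                         (the script listed the same target more than once)
    absent               'not found' and never removed in this log, so the
                         target did not exist when the fix ran
    errors               (section, command) pairs OTL could not interpret
    """
    result = {"removed": [], "redundant_not_found": [], "absent": [], "errors": []}
    removed = set()
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            section = match.group("name")
            continue
        match = ERROR.match(line)
        if match:
            result["errors"].append((section, match.group("cmd")))
            continue
        match = OUTCOME.match(line)
        if not match:
            continue  # informational line, e.g. cache sizes
        key = normalise(match.group("target"))
        if match.group("outcome") == "not found":
            bucket = "redundant_not_found" if key in removed else "absent"
            if key not in result[bucket]:
                result[bucket].append(key)
        else:
            removed.add(key)
            result["removed"].append(key)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, cmd in report["errors"]:
        print(f"not interpreted in section {section}: {cmd}")
    for key in report["absent"]:
        print(f"absent before the fix: {key}")
    for key in report["redundant_not_found"]:
        print(f"already removed earlier in the log: {key}")
    print(f"{len(report['removed'])} targets removed")
```

On this excerpt only `E:\setup.exe` ends up in `absent`, and the `ipconfig /flushdns /c` line is the single entry in `errors`.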

13.07.2012, 19:39   #4
t'john
/// Helper Team
 

Very good!

How is the computer running?


Step 1

New version! Please download it again!
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan has finished, click "Show Results".
afterwards

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

13.07.2012, 23:19   #5
dk-jule
 

Hey,

it seems to be running well.
What is this adwcleaner for?

Here is the log file:
Code:
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 00:16:56
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - SLOWY-LAPTOP
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\WiseConvert
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\WiseConvert
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6868 octets] - [14/07/2012 00:16:56]

########## EOF - C:\AdwCleaner[R1].txt - [6996 octets] ##########
         


14.07.2012, 09:41   #6
t'john
/// Helper Team
 

Where is the Malwarebytes log? http://www.trojaner-board.de/118792-...tml#post864102


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

14.07.2012, 18:05   #7
dk-jule
 

Sorry, I forgot to attach that.

After the restart triggered by adwcleaner, a Windows pop-up appeared asking whether I wanted to allow Daemon Tools Lite Helper to make changes to the computer. What is this program about? I clicked "no".


Here we go, the Malwarebytes log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: SLOWY-LAPTOP [Administrator]

Schutz: Deaktiviert

13.07.2012 22:44:01
mbam-log-2012-07-13 (22-44-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391093
Laufzeit: 59 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
adwcleaner log after "Delete":
Code:
# AdwCleaner v1.702 - Logfile created 07/14/2012 at 19:06:38
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - SLOWY-LAPTOP
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\WiseConvert
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\WiseConvert
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6939 octets] - [14/07/2012 00:16:56]
AdwCleaner[S1].txt - [5032 octets] - [14/07/2012 19:06:38]

########## EOF - C:\AdwCleaner[S1].txt - [5160 octets] ##########
         

Edited by dk-jule (14.07.2012 at 18:16). Reason: new log file

14.07.2012, 19:36   #8
t'john
/// Helper Team
 

Sehr gut!

Dann bist Du sauber und entlassen


Tool-Bereinigung mit OTL


We will now use OTL's CleanUp! function to remove from your system most of the programs we installed for the cleanup.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator" ("Als Administrator ausführen").
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed, so it is fine that these programs are gone. If any are left over, delete them manually.

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Kind regards, t'john

15.07.2012, 16:15   #9
dk-jule
 

Many thanks, t'john, for the competent help!

Best regards,
Jule
