Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner; weitere Schritte nach Systemwiederherstellung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.06.2013, 13:51   #1
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Mahlzeit Forum,

Ich habe ein Netbook hier, welches mit dem GVU Trojaner verseucht ist.
Systemwiederherstellung ist bereits durchgeführt.

Nach eurer Anleitung wurde "defogger" ausgeführt.
Im Anschluss OTL durchlaufen lassen.

Code:
ATTFilter
OTL logfile created on: 6/19/2013 1:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MacDevet\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free
1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
PRC - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\umbrella.exe
PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 11:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files\Optimizer Pro\OptProSmartScan.exe
PRC - [2012/10/17 05:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2012/08/08 22:57:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
PRC - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/12/23 03:30:20 | 000,608,648 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
PRC - [2010/11/13 00:24:08 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/13 00:24:06 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010/07/21 13:55:02 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
MOD - [2010/02/03 07:19:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/03 17:27:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 19:12:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 14:49:38 | 000,259,440 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2012/10/30 14:49:36 | 000,200,560 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/10/30 14:49:34 | 000,237,936 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2012/05/09 19:13:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 19:13:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 09:38:08 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2011/01/08 01:22:22 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/30 16:45:48 | 000,315,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013/04/26 19:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/11 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/11/26 14:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Extensions
[2013/06/07 08:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions
[2013/04/26 19:08:11 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com
[2013/06/07 08:42:18 | 000,281,668 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/12/13 21:18:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/02 11:46:09 | 000,006,495 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\babylon.xml
[2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\BrowserProtect.xml
[2013/04/26 19:08:19 | 000,001,294 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\delta.xml
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/01/19 21:13:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20678603-6457-40C7-9EDB-C474291B171F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F89CDBA6-69D6-4EAF-ABF5-58236C4D87E5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/19 13:12:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
[2013/06/19 12:47:19 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Malwarebytes
[2013/06/19 12:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/19 12:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/19 12:46:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/06/19 12:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/19 12:46:22 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Local\Programs
[2013/05/30 11:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorationen
[2013/05/30 11:51:13 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Explorationen
[2013/05/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Explorationen
[2013/05/30 11:38:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2013/05/30 11:34:57 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\Zero G Registry
[2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\MacDevet\AppData\Local\CDRip.dll
[2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\MacDevet\AppData\Local\No23 Recorder.exe
[2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\basscd.dll
[2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 13:21:13 | 000,000,252 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2013/06/19 13:19:35 | 000,001,938 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
[2013/06/19 13:18:42 | 000,000,330 | ---- | M] () -- C:\windows\tasks\spmonitor.job
[2013/06/19 13:18:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/19 13:18:00 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
[2013/06/19 13:10:40 | 000,000,000 | ---- | M] () -- C:\Users\MacDevet\defogger_reenable
[2013/06/19 13:08:49 | 000,050,477 | ---- | M] () -- C:\Users\MacDevet\Desktop\Defogger.exe
[2013/06/19 12:46:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/18 17:51:57 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2013/06/07 08:29:29 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/07 08:29:29 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/07 08:29:29 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/07 08:29:29 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/30 12:12:15 | 000,287,832 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/05/30 11:35:33 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/05/30 11:34:56 | 000,000,016 | ---- | M] () -- C:\Users\MacDevet\persistent_state
 
========== Files Created - No Company Name ==========
 
[2013/06/19 13:10:40 | 000,000,000 | ---- | C] () -- C:\Users\MacDevet\defogger_reenable
[2013/06/19 13:08:36 | 000,050,477 | ---- | C] () -- C:\Users\MacDevet\Desktop\Defogger.exe
[2013/06/19 12:46:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/18 17:51:57 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2013/05/30 11:35:33 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/05/30 11:34:56 | 000,000,016 | ---- | C] () -- C:\Users\MacDevet\persistent_state
[2013/04/27 12:58:52 | 000,114,176 | ---- | C] () -- C:\Users\MacDevet\AppData\Roaming\BabMaint.exe
[2012/12/08 18:57:41 | 000,001,428 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\RecConfig.xml
[2012/12/08 18:46:26 | 000,221,184 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012/11/26 15:27:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/10 19:20:20 | 000,004,020 | ---- | C] () -- C:\Users\MacDevet\.ganttproject
[2012/04/09 16:45:55 | 000,002,067 | ---- | C] () -- C:\Users\MacDevet\.recently-used.xbel
[2012/02/25 19:24:33 | 000,003,584 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 20:25:40 | 000,001,407 | ---- | C] () -- C:\windows\SiInst.ini
[2011/11/28 22:43:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/11/26 13:26:50 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/07/25 22:45:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011/07/25 22:45:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011/07/25 22:45:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011/07/25 22:45:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2011/07/25 12:45:37 | 000,000,888 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/25 12:26:37 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\lame_enc.dll
[2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisenc.dll
[2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisfile.dll
[2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbis.dll
[2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\ogg.dll
[2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/28 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Audacity
[2013/06/09 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\BabSolution
[2013/02/08 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Babylon
[2012/09/05 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoft
[2012/01/02 03:09:51 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/09 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\gtk-2.0
[2013/04/26 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Iminent
[2012/04/16 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\MFSM-Tasks
[2011/12/19 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\OpenOffice.org
[2013/04/26 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Optimizer Pro
[2012/04/10 09:59:25 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\PhotoScape
[2011/11/27 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\RGE
[2012/07/12 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\STRATO
[2011/11/27 03:42:59 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Thunderbird
[2012/04/30 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Tific
[2012/04/27 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\TS3Client
[2013/04/26 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5C270C64

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 6/19/2013 1:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MacDevet\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free
1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8BCE85E8-501D-4854-B33C-E76538DC888A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{983350F9-0F34-4399-AD7C-4B50A0ADAA20}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3917C760-A0E6-44DD-A3DA-F101DD52CF29}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe | 
"{42FEF731-9F49-4847-8D4E-AE9977B2EB2C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{563B790D-CD68-46FA-BD56-F1D82007714B}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | 
"{84C9DA1D-F3C4-49CB-A366-616A9CF1584C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{84E72674-71BE-42CB-A980-0396DD5AF02D}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{8548F04D-727E-461B-B62A-53C9801F6369}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | 
"{A1579116-0B13-4943-BA0C-9BD7983F423C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A6CF250D-1978-4DA7-AD79-1CC0A00CCFE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF31531C-C2EB-4F7C-8282-6D503494F5E0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C50B0A73-B725-40E6-8438-FCF062C349CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF082CED-199A-4D91-A0D9-D27CD2115193}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E70D5B8D-75E8-4587-A6B9-32DA83089A48}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{F7894551-63D7-4A5E-9845-77DD0051473B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02E1EAF5-F1B6-41EC-B500-E6BC728A5E20}" = Windows Live Remote Service Resources
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{071A7A87-F72C-4239-BAF8-92FF44EB82AF}" = Windows Live Remote Client Resources
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18088C5C-323A-4E56-AA4A-6D3F2EE34102}" = Windows Live Remote Client Resources
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{208762DE-34A1-44B1-B597-509C8D05D39E}" = Windows Live Remote Client Resources
"{20C21396-4F89-4044-806B-326C993A3996}" = Windows Live Remote Service Resources
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354FF1E9-5D3F-4D91-A433-7626AC6B55EA}" = Windows Live Remote Service Resources
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B07C21-145D-496F-B029-0899514099C7}" = Windows Live Remote Service Resources
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 2.1.0
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7234BD6D-5394-4572-A87D-0279C5ED535D}" = Windows Live Remote Client Resources
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{787EAD29-5498-4BDB-BDF4-670A86F28DFB}" = VirtualDJ LE (DJ4Set)
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F1E694F-1880-4D5F-BD27-A0D0A5379864}" = Iminent
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CB7DE-8087-48A0-8280-1658F423AAEF}" = Windows Live Remote Service Resources
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9F9D4CE4-E4B9-4745-98C9-5A934DD0CE8C}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}" = Easy Resolution Manager
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EAEA7ED1-22F0-4C1E-B001-E56F10E1A100}" = Windows Live Remote Client Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced MP3/WMA Recorder" = Advanced MP3/WMA Recorder
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Deflectex" = Deflectex
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Elantech" = ETDWare PS/2-X86 8.0.7.2_WHQL
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"GanttProject" = GanttProject
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"IMBoosterARP" = Iminent
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mixidj" = MixiDJ Toolbar 
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PhotoScape" = PhotoScape
"StarterBackgroundChanger" = StarterBackgroundChanger
"STRATO HiDrive" = STRATO HiDrive (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
"WAV To MP3_is1" = WAV To MP3 V2
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live 程式集
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/30/2012 12:00:25 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 3520 series\DriverStore\Pipeline\amd64\hpinkinsB011.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:02:04 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:05 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy
 display manager\RunGfxUI64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:44 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:46 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/31/2012 10:00:01 AM | Computer Name = MacDevet-PC | Source = Application Hang | ID = 1002
Description = Programm McUICnt.exe, Version 2.15.101.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 174c    Startzeit:
 01cde699e3679f73    Endzeit: 360    Anwendungspfad: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe

Berichts-ID:
 50166dec-5352-11e2-b142-e81132d25d27  
 
Error - 12/31/2012 10:17:00 AM | Computer Name = MacDevet-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13369
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13369
 
[ System Events ]
Error - 12/15/2012 9:23:40 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 12/15/2012 11:37:58 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 12/15/2012 3:01:27 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 12/19/2012 2:08:11 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 12/22/2012 7:10:19 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12/25/2012 3:17:08 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 12/25/2012 3:17:44 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/25/2012 3:35:49 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12/25/2012 3:37:30 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/25/2012 3:39:51 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
GMER wurde danach ebenfalls durchgeführt.

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 14:39:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MacDevet\AppData\Local\Temp\uxdoqkob.sys


---- System - GMER 2.1 ----

SSDT   8B48881E                                                                                         ZwCreateSection
SSDT   8B488828                                                                                         ZwRequestWaitReplyPort
SSDT   8B488823                                                                                         ZwSetContextThread
SSDT   8B48882D                                                                                         ZwSetSecurityObject
SSDT   8B488832                                                                                         ZwSystemDebugControl
SSDT   8B4887BF                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81E829F5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81EBC1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              81EC353C 4 Bytes  [1E, 88, 48, 8B] {PUSH DS; MOV [EAX-0x75], CL}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              81EC3898 4 Bytes  [28, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              81EC38DC 4 Bytes  [23, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              81EC3958 4 Bytes  [2D, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              81EC39AC 4 Bytes  [32, 88, 48, 8B]
.text  ...                                                                                              
?      System32\drivers\emyusyq.sys                                                                     Das System kann den angegebenen Pfad nicht finden. !

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ba9225                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de9d8801                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ba9225 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de9d8801 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
Welche Schritte sind weiter erforderlich?

Danke im Voraus.
Devet

Alt 19.06.2013, 13:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 19.06.2013, 14:11   #3
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Danke für die superschnelle Reaktion.

Hier sind die files.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by MacDevet (administrator) on 19-06-2013 15:06:27
Running from C:\Users\MacDevet\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Iminent) C:\Program Files\Common Files\Umbrella\umbrella.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
() C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] ()
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: []  [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®)
HKLM\...\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1074736 2013-04-25] (Iminent)
HKLM\...\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-04-25] (Iminent)
HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Delta Toolbar - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\ffxtlbr@delta.com
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH)
R2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2839592 2013-05-28] (Iminent)
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
U3 uxdoqkob; \??\C:\Users\MacDevet\AppData\Local\Temp\uxdoqkob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-18 17:51 - 2013-06-18 17:51 - 00003416 ____N C:\bootsqm.dat
2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 19:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 19:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-30 11:38 - 2013-05-30 12:02 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:32 - 2013-05-30 11:34 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 07:12 - 2013-05-30 11:45 - 00015155 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders ========

2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:48 - 2012-06-24 18:28 - 00000000 ____D C:\Users\MacDevet\AppData\Local\CrashDumps
2013-06-19 13:42 - 2013-06-19 13:41 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:41 - 2013-06-19 13:37 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:26 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:26 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 13:22 - 2011-07-26 04:16 - 01832346 ____A C:\Windows\WindowsUpdate.log
2013-06-19 13:21 - 2013-04-26 19:15 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-06-19 13:18 - 2013-04-26 19:15 - 00000330 ____A C:\Windows\Tasks\spmonitor.job
2013-06-19 13:18 - 2010-11-20 23:48 - 00340496 ____A C:\Windows\PFRO.log
2013-06-19 13:18 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 13:18 - 2009-07-14 06:39 - 00073934 ____A C:\Windows\setupact.log
2013-06-19 13:17 - 2011-07-25 13:39 - 00000000 ____D C:\Windows\ru
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:11 - 2013-06-19 13:10 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:10 - 2011-11-26 13:24 - 00000000 ____D C:\users\MacDevet
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:48 - 2013-06-19 12:44 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:47 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-18 18:12 - 2011-11-28 10:22 - 00000000 ____D C:\Program Files\1&1 Surf-Stick
2013-06-18 18:12 - 2011-07-25 12:41 - 00000000 ____D C:\ProgramData\WinClon
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-18 17:51 - 2013-06-18 17:51 - 00003416 ____N C:\bootsqm.dat
2013-06-13 03:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:02 - 2011-11-28 22:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 14:05 - 2013-04-20 14:56 - 00000000 ____D C:\hbbk
2013-06-09 10:09 - 2013-04-26 19:08 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\BabSolution
2013-06-08 13:42 - 2013-06-13 03:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 03:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 08:29 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 22:59 - 2012-05-24 22:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-03 17:27 - 2013-01-19 21:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:12 - 2009-07-14 06:33 - 00287832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 12:11 - 2013-04-26 19:09 - 00000000 ____D C:\Program Files\Common Files\Umbrella
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-30 12:02 - 2013-05-30 11:38 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:45 - 2013-05-25 07:12 - 00015155 ____A C:\Windows\IE10_main.log
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:34 - 2013-05-30 11:32 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 00:04

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by MacDevet at 2013-06-19 15:08:31 Run:
Running from C:\Users\MacDevet\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
1&1 Surf-Stick (Version: 1.0.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Advanced MP3/WMA Recorder
Alice Greenfingers
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 9.0)
Audacity 1.3.13 (Unicode)
Avira Free Antivirus (Version: 12.1.9.1236)
BatteryLifeExtender (Version: 1.0.11)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.55)
ChargeableUSB (Version: 1.0.0.0)
CyberLink YouCam (Version: 2.0.3911)
D3DX10 (Version: 15.4.2368.0902)
Deflectex (Version: 1.0.0.0)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.16.16)
Easy Content Share (Version: 1.0)
Easy Display Manager (Version: 3.2)
Easy Network Manager (Version: 4.4.7)
Easy Resolution Manager (Version: 1.1.0)
Easy SpeedUp Manager (Version: 2.1.1.1)
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.11)
ETDWare PS/2-X86 8.0.7.2_WHQL (Version: 8.0.7.2)
Fast Booting SW (Version: 1.8.0.0)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Free M4a to MP3 Converter 7.1
Free YouTube to MP3 Converter version 3.11.30.903 (Version: 3.11.30.903)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
GanttProject
GIMP 2.6.12 (Version: 2.6.12)
Hercules DJ Products Series drivers (Version: 6.HDJS.2012)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Deskjet 3520 series Hilfe (Version: 27.0.0)
HP Deskjet 3520 series Setup Guide (Version: 27.0.0)
HP Photo Creations (Version: 1.0.0.7702)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
Iminent (Version: 6.17.41.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.29.1.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
MF Shutdown Manager 2.1.0 (Version: 2.1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MixiDJ Toolbar  (Version: 1.8.4.1)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 11.0.1 (x86 de) (Version: 11.0.1)
MSVCRT (Version: 15.4.2862.0708)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.3.4.630)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.5.596)
Native Instruments Traktor 2
Native Instruments Traktor 2 (Version: 2.0.1.10169)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Optimizer Pro v3.0 (Version: 3.0)
PhotoScape
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6400)
REALTEK PCIE Wireless LAN Software (Version: 0136.10.0325)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.24)
Samsung Update Plus (Version: 2.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
SpeedUpMyPC (Version: 5.3.4.5)
StarterBackgroundChanger (Version: 0.8.0.0)
STRATO HiDrive (remove only)
TeamSpeak 3 Client
User Guide (Version: 1.3)
VirtualDJ Home FREE (Version: 7.3)
VirtualDJ LE (DJ4Set) (Version: 7.0.5)
VLC media player 2.0.2 (Version: 2.0.2)
WAV To MP3 V2
WIDCOMM Bluetooth Software (Version: 6.3.0.6200)
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3508.1109)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)

==================== Restore Points  =========================

02-06-2013 17:00:37 Windows-Sicherung
05-06-2013 21:35:50 Windows Update
09-06-2013 08:10:35 Windows Update
09-06-2013 17:00:39 Windows-Sicherung
13-06-2013 01:00:20 Windows Update
16-06-2013 17:55:18 Windows-Sicherung
19-06-2013 10:49:50 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0C8A775D-3AE3-48FB-B9A5-CA1EE52A2348} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {0D64B43B-1A5A-4BB3-A3BA-2F4C1394647E} - System32\Tasks\SpeedUpMyPC => C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe [2013-01-08] (Uniblue Systems Ltd)
Task: {14C3DDE0-D665-42C7-855A-BB436F7EA8A3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {21999BFF-6B17-4C02-9CA5-01EED812EE39} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe No File
Task: {4D9DB629-9B67-4EAD-83D8-19BDAF3F1A89} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.)
Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {748E5CA0-91B9-40B1-9127-C5CC09C9E964} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe No File
Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {C7BF5F5C-9F99-4622-9629-FE2A16969A2C} - System32\Tasks\spmonitor => C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-08] (Uniblue Systems Ltd)
Task: {D239326B-C51F-46BE-8387-4E7F37E345CD} - System32\Tasks\EPUpdater => C:\Users\MacDevet\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2013 01:47:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012288
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (06/19/2013 01:20:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 01:18:24 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35

Error: (06/19/2013 00:43:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:41:18 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35

Error: (06/18/2013 06:13:35 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35

Error: (06/18/2013 06:10:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 06:02:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 05:55:54 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (06/18/2013 05:55:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2013 01:18:32 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/19/2013 01:18:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (06/19/2013 00:41:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/19/2013 00:41:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (06/18/2013 06:13:39 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/18/2013 06:13:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (06/18/2013 06:09:38 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
avipbb
avkmgr
cdrom
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SABI
spldr
ssmdrv
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/18/2013 06:08:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (06/19/2013 01:47:30 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c000000500012288136c01ce6ce253d3292bC:\Users\MacDevet\Downloads\gmer_2.1.19163.exeC:\Users\MacDevet\Downloads\gmer_2.1.19163.exe05490d43-d8d6-11e2-80d2-e81132d25d27

Error: (06/19/2013 01:20:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 01:18:24 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35

Error: (06/19/2013 00:43:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 00:41:18 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35

Error: (06/18/2013 06:13:35 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35

Error: (06/18/2013 06:10:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 06:02:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 05:55:54 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (06/18/2013 05:55:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 84%
Total physical RAM: 1013.3 MB
Available physical RAM: 157.11 MB
Total Pagefile: 2075.57 MB
Available Pagefile: 924.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:27.65 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:19.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CD3D43EB)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Gruß
Devet
__________________

Alt 19.06.2013, 14:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.06.2013, 15:17   #5
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Hier der aktuelle file.

Code:
ATTFilter
ComboFix 13-06-18.02 - MacDevet 19.06.2013  15:52:40.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1013.25 [GMT 2:00]
ausgeführt von:: c:\users\MacDevet\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Live\Messenger\msacm32.dll
c:\programdata\FullRemove.exe
c:\users\MacDevet\AppData\Local\lame_enc.dll
c:\users\MacDevet\AppData\Local\no23xwrapper.dll
c:\users\MacDevet\AppData\Local\ogg.dll
c:\users\MacDevet\AppData\Local\vorbis.dll
c:\users\MacDevet\AppData\Local\vorbisenc.dll
c:\users\MacDevet\AppData\Local\vorbisfile.dll
c:\users\MacDevet\AppData\Roaming\BabMaint.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-19 bis 2013-06-19  ))))))))))))))))))))))))))))))
.
.
2013-06-19 14:09 . 2013-06-19 14:10	--------	d-----w-	c:\users\MacDevet\AppData\Local\temp
2013-06-19 14:09 . 2013-06-19 14:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-19 13:06 . 2013-06-19 13:06	--------	d-----w-	C:\FRST
2013-06-19 10:54 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6F5878C-F306-4CA9-BE10-0E5B654B1E35}\mpengine.dll
2013-06-19 10:47 . 2013-06-19 10:47	--------	d-----w-	c:\users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 10:46 . 2013-06-19 10:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-19 10:46 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-19 10:46 . 2013-06-19 10:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-19 10:46 . 2013-06-19 10:46	--------	d-----w-	c:\users\MacDevet\AppData\Local\Programs
2013-06-13 01:09 . 2013-06-08 11:13	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-13 01:09 . 2013-06-08 11:41	218112	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 17:39 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 17:39 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 17:39 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 17:39 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 17:39 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 17:39 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 17:39 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 17:39 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 17:37 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-03 15:27 . 2013-06-03 15:27	262552	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-30 09:50 . 2013-05-30 09:50	--------	d-----w-	c:\program files\Explorationen
2013-05-30 09:38 . 2013-05-30 10:02	--------	d--h--w-	c:\program files\Zero G Registry
2013-05-30 09:34 . 2013-05-30 09:34	--------	d-----w-	c:\users\MacDevet\Zero G Registry
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 09:02 . 2012-05-17 08:17	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-18 09:02 . 2011-11-26 12:17	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 08:56 . 2010-06-24 02:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-11-26 12:03	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-12 13:45 . 2013-04-23 19:47	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-17 15:33	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 05:18 . 2013-05-17 15:33	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:14 . 2013-05-17 15:33	2347520	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2012-11-26 2701720]
"Iminent"="c:\program files\Iminent\Iminent.exe" [2013-04-25 1074736]
"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2013-04-25 884784]
.
c:\users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN26F1G47005SY;CONNECTION=NW;MONITOR=1; [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2012-10-30 200560]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2012-10-30 259440]
R3 HDJMidi;Hercules DJ 4Set MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2012-10-30 237936]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [2012-09-06 16896]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-03-09 3857408]
S2 SProtection;SProtection;c:\program files\Common Files\Umbrella\umbrella.exe [2013-05-28 2839592]
S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-11-14 32768]
S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UXDOQKOB
*Deregistered* - uxdoqkob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-19 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\sump.exe [2013-04-26 09:27]
.
2013-06-19 c:\windows\Tasks\spmonitor.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-04-26 09:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\
FF - ExtSQL: 2013-04-26 19:08; ffxtlbr@delta.com; c:\users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-04-26 19:10; webbooster@iminent.com; c:\program files\Iminent\webbooster@iminent.com
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=28337f2b00000000000000ff12bd7de4&q=
FF - user.js: extensions.BabylonToolbar.id - 28337f2b00000000000000ff12bd7de4
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15744
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1017:03
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120307
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 28337f2b00000000000000ff12bd7de4
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15821
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1619:08
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.mixidj.tlbrSrchUrl - 
FF - user.js: extensions.mixidj.id - 28337f2b00000000000000ff12bd7de4
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15821
FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.119:14
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj_i.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - base
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj_i.excTlbr - false
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-19  16:15:32
ComboFix-quarantined-files.txt  2013-06-19 14:15
.
Vor Suchlauf: 16 Verzeichnis(se), 32.391.610.368 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 33.997.242.368 Bytes frei
.
- - End Of File - - 8B66152663615648BAFE63FA60C45B6A
2E5DEBB2116B3417023E0D6562D7ED07
         
Gruß
Devet


Alt 19.06.2013, 15:48   #6
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.
__________________
--> GVU Trojaner; weitere Schritte nach Systemwiederherstellung

Alt 19.06.2013, 16:16   #7
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Hier die aktuellen files.

AdwClearner

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 19/06/2013 um 16:56:10 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : MacDevet - MACDEVET-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MacDevet\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SProtection

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\searchplugins\delta.xml
Datei Gelöscht : C:\windows\Tasks\SpeedUpMyPC.job
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files\Delta
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\mixidj
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\MacDevet\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\windows\Installer\{7F1E694F-1880-4D5F-BD27-A0D0A5379864}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\59edddab36aee13
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\mixidj
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\59edddab36aee13
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\F496E1F70881F5D4DB720A0D5A738946
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\F496E1F70881F5D4DB720A0D5A738946
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\DomaIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4750D705E2564409328D661F3A08E1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E983F1377593143A37E3BA1C65CB74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C036A97566BFD147A3318BA9E8EA65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CC84F27D09408149894EC0F9A7C017F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BDFB2601A205D344828E68FC902CAE9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D010CDB0C7815A48A7F780C5F8AACA7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFEEBDA8013CAA74C8052DC06F9F22D8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC063FFF6402E614191D191F0DE5C5B4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F18FD125C322BC84286AD21D8B685F2F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C8F66181D6DDD488BB6F772F71324A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F496E1F70881F5D4DB720A0D5A738946
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F1E694F-1880-4D5F-BD27-A0D0A5379864}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mixidj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\mixidj
Schlüssel Gelöscht : HKLM\Software\Umbrella
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\prefs.js

C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=120307&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "28337f2b00000000000000ff12bd7de4");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15744");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1017:03:33");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=120307");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://mixidj.claro-search.com/?affID=121139&bab[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "28337f2b00000000000000ff12bd7de4");
Gelöscht : user_pref("extensions.delta.instlDay", "15821");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:08:15");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");

*************************

AdwCleaner[S1].txt - [41185 octets] - [19/06/2013 16:56:10]

########## EOF - C:\AdwCleaner[S1].txt - [41246 octets] ##########
         
Junkware

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
Ran by MacDevet on 19.06.2013 at 17:02:48,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\invalidprefs.js
Emptied folder: C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\minidumps [49 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 17:08:42,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by MacDevet (administrator) on 19-06-2013 17:10:18
Running from C:\Users\MacDevet\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Intel Corporation) C:\windows\system32\igfxext.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] ()
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®)
HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH)
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
S3 catchme; \??\C:\Users\MacDevet\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 17:08 - 2013-06-19 17:09 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt
2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT
2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt
2013-06-19 16:59 - 2013-06-19 17:00 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt
2013-06-19 16:53 - 2013-06-19 16:54 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe
2013-06-19 16:52 - 2013-06-19 16:53 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe
2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt
2013-06-19 15:48 - 2013-06-19 16:15 - 00000000 ____D C:\Qoobox
2013-06-19 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 15:47 - 2013-06-19 16:12 - 00000000 ____D C:\Windows\erdnt
2013-06-19 15:45 - 2013-06-19 15:46 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe
2013-06-19 15:08 - 2013-06-19 15:09 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt
2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 19:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 19:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-30 11:38 - 2013-05-30 12:02 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:32 - 2013-05-30 11:34 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 07:12 - 2013-05-30 11:45 - 00015155 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders ========

2013-06-19 17:09 - 2013-06-19 17:08 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt
2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT
2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt
2013-06-19 17:00 - 2013-06-19 16:59 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-06-19 16:59 - 2013-04-26 19:15 - 00000330 ____A C:\Windows\Tasks\spmonitor.job
2013-06-19 16:58 - 2010-11-20 23:48 - 00341048 ____A C:\Windows\PFRO.log
2013-06-19 16:58 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 16:58 - 2009-07-14 06:39 - 00073990 ____A C:\Windows\setupact.log
2013-06-19 16:57 - 2011-07-26 04:16 - 01843684 ____A C:\Windows\WindowsUpdate.log
2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt
2013-06-19 16:54 - 2013-06-19 16:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe
2013-06-19 16:53 - 2013-06-19 16:52 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe
2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt
2013-06-19 16:15 - 2013-06-19 15:48 - 00000000 ____D C:\Qoobox
2013-06-19 16:15 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-19 16:12 - 2013-06-19 15:47 - 00000000 ____D C:\Windows\erdnt
2013-06-19 16:10 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-19 15:46 - 2013-06-19 15:45 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe
2013-06-19 15:09 - 2013-06-19 15:08 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt
2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:48 - 2012-06-24 18:28 - 00000000 ____D C:\Users\MacDevet\AppData\Local\CrashDumps
2013-06-19 13:42 - 2013-06-19 13:41 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:41 - 2013-06-19 13:37 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:17 - 2011-07-25 13:39 - 00000000 ____D C:\Windows\ru
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:11 - 2013-06-19 13:10 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:10 - 2011-11-26 13:24 - 00000000 ____D C:\users\MacDevet
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:48 - 2013-06-19 12:44 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:47 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-18 18:12 - 2011-11-28 10:22 - 00000000 ____D C:\Program Files\1&1 Surf-Stick
2013-06-18 18:12 - 2011-07-25 12:41 - 00000000 ____D C:\ProgramData\WinClon
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-13 03:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:02 - 2011-11-28 22:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 14:05 - 2013-04-20 14:56 - 00000000 ____D C:\hbbk
2013-06-08 13:42 - 2013-06-13 03:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 03:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 08:29 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 22:59 - 2012-05-24 22:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-03 17:27 - 2013-01-19 21:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:12 - 2009-07-14 06:33 - 00287832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-30 12:02 - 2013-05-30 11:38 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:45 - 2013-05-25 07:12 - 00015155 ____A C:\Windows\IE10_main.log
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:34 - 2013-05-30 11:32 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 00:04

==================== End Of Log ============================
         
--- --- ---


Gruß
Devet

Alt 19.06.2013, 18:49   #8
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Supi, jetzt noch Kontrollscan:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.06.2013, 18:55   #9
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Online-check hat ein wenig länger gedauert, sorry.

Hier der log-file

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5eea4a1a04c2d443b247748be4673ea6
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 06:30:18
# local_time=2013-06-20 08:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 54249 237129508 46981 0
# compatibility_mode=5893 16776573 100 94 70554 123341009 0 0
# scanned=114835
# found=2
# cleaned=0
# scan_time=44189
sh=69CA38487338FE83C215275F62452D56D132FFFD ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\MacDevet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HF8MCDTD\ad1_bobiporn_xxx[1].htm"
sh=432A293ECD742A1E4184C1B631F4B2576F26B26F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MACDEVET-PC\Backup Set 2013-04-22 195614\Backup Files 2013-05-28 144913\Backup files 1.zip"
         
Hier der file vom security check.
Bin mir aber nicht sicher ob das so sein muss. ;-)

Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
Und noch der frische FRST file.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by MacDevet (administrator) on 20-06-2013 19:50:52
Running from C:\Users\MacDevet\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] ()
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot [2701720 2012-11-26] (Hercules®)
HKCU\...\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26F1G47005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\MacDevet\AppData\Roaming\Mozilla\Firefox\Profiles\xsa74xhd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [16896 2012-09-06] (Hercules®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-03-09] (Native Instruments GmbH)
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [200560 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [259440 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [237936 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-10] (Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2010-10-07] (SAMSUNG ELECTRONICS)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
S3 catchme; \??\C:\Users\MacDevet\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 19:48 - 2013-06-20 19:48 - 00890839 ____A C:\Users\MacDevet\Desktop\SecurityCheck.exe
2013-06-19 20:07 - 2013-06-19 20:08 - 02347384 ____A (ESET) C:\Users\MacDevet\Desktop\esetsmartinstaller_enu.exe
2013-06-19 17:08 - 2013-06-19 17:09 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt
2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT
2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt
2013-06-19 16:59 - 2013-06-19 17:00 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt
2013-06-19 16:53 - 2013-06-19 16:54 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe
2013-06-19 16:52 - 2013-06-19 16:53 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe
2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt
2013-06-19 15:48 - 2013-06-19 16:15 - 00000000 ____D C:\Qoobox
2013-06-19 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 15:47 - 2013-06-19 16:12 - 00000000 ____D C:\Windows\erdnt
2013-06-19 15:45 - 2013-06-19 15:46 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe
2013-06-19 15:08 - 2013-06-19 15:09 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt
2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:41 - 2013-06-19 13:42 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:37 - 2013-06-19 13:41 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:10 - 2013-06-19 13:11 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:46 - 2013-06-19 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 12:46 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-19 12:44 - 2013-06-19 12:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-13 03:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 19:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 19:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:37 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-30 11:38 - 2013-05-30 12:02 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:32 - 2013-05-30 11:34 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 07:12 - 2013-05-30 11:45 - 00015155 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders ========

2013-06-20 19:48 - 2013-06-20 19:48 - 00890839 ____A C:\Users\MacDevet\Desktop\SecurityCheck.exe
2013-06-20 07:05 - 2011-07-26 04:16 - 01856317 ____A C:\Windows\WindowsUpdate.log
2013-06-19 20:08 - 2013-06-19 20:07 - 02347384 ____A (ESET) C:\Users\MacDevet\Desktop\esetsmartinstaller_enu.exe
2013-06-19 17:09 - 2013-06-19 17:08 - 00000880 ____A C:\Users\MacDevet\Desktop\JRT.txt
2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 17:06 - 2009-07-14 06:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 17:02 - 2013-06-19 17:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 17:01 - 2013-06-19 17:01 - 00000000 ____D C:\JRT
2013-06-19 17:00 - 2013-06-19 17:00 - 00041316 ____A C:\Users\MacDevet\Desktop\AdwCleaner[S1].txt
2013-06-19 17:00 - 2013-06-19 16:59 - 00000252 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-06-19 16:59 - 2013-04-26 19:15 - 00000330 ____A C:\Windows\Tasks\spmonitor.job
2013-06-19 16:58 - 2010-11-20 23:48 - 00341048 ____A C:\Windows\PFRO.log
2013-06-19 16:58 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 16:58 - 2009-07-14 06:39 - 00073990 ____A C:\Windows\setupact.log
2013-06-19 16:56 - 2013-06-19 16:56 - 00041316 ____A C:\AdwCleaner[S1].txt
2013-06-19 16:54 - 2013-06-19 16:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\MacDevet\Desktop\JRT.exe
2013-06-19 16:53 - 2013-06-19 16:52 - 00648201 ____A C:\Users\MacDevet\Desktop\adwcleaner.exe
2013-06-19 16:15 - 2013-06-19 16:15 - 00015027 ____A C:\ComboFix.txt
2013-06-19 16:15 - 2013-06-19 15:48 - 00000000 ____D C:\Qoobox
2013-06-19 16:15 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-19 16:12 - 2013-06-19 15:47 - 00000000 ____D C:\Windows\erdnt
2013-06-19 16:10 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-19 15:46 - 2013-06-19 15:45 - 05081021 ____R (Swearware) C:\Users\MacDevet\Desktop\ComboFix.exe
2013-06-19 15:09 - 2013-06-19 15:08 - 00021085 ____A C:\Users\MacDevet\Desktop\Addition.txt
2013-06-19 15:06 - 2013-06-19 15:06 - 00000000 ____D C:\FRST
2013-06-19 15:05 - 2013-06-19 15:05 - 01367073 ____A (Farbar) C:\Users\MacDevet\Desktop\FRST.exe
2013-06-19 14:39 - 2013-06-19 14:39 - 00003128 ____A C:\Users\MacDevet\Desktop\GMER.log
2013-06-19 14:38 - 2013-06-19 14:38 - 00003128 ____A C:\Users\MacDevet\Documents\GMER.log
2013-06-19 13:48 - 2012-06-24 18:28 - 00000000 ____D C:\Users\MacDevet\AppData\Local\CrashDumps
2013-06-19 13:42 - 2013-06-19 13:41 - 00095408 ____A C:\Users\MacDevet\Desktop\Extras.Txt
2013-06-19 13:41 - 2013-06-19 13:37 - 00064502 ____A C:\Users\MacDevet\Desktop\OTL.Txt
2013-06-19 13:17 - 2011-07-25 13:39 - 00000000 ____D C:\Windows\ru
2013-06-19 13:14 - 2013-06-19 13:14 - 00377856 ____A C:\Users\MacDevet\Downloads\gmer_2.1.19163.exe
2013-06-19 13:12 - 2013-06-19 13:12 - 00602112 ____A (OldTimer Tools) C:\Users\MacDevet\Desktop\OTL.exe
2013-06-19 13:11 - 2013-06-19 13:10 - 00000478 ____A C:\Users\MacDevet\Desktop\defogger_disable.log
2013-06-19 13:10 - 2013-06-19 13:10 - 00000000 ____A C:\Users\MacDevet\defogger_reenable
2013-06-19 13:10 - 2011-11-26 13:24 - 00000000 ____D C:\users\MacDevet
2013-06-19 13:08 - 2013-06-19 13:08 - 00050477 ____A C:\Users\MacDevet\Desktop\Defogger.exe
2013-06-19 12:48 - 2013-06-19 12:44 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\MacDevet\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-19 12:47 - 2013-06-19 12:47 - 00000000 ____D C:\Users\MacDevet\AppData\Roaming\Malwarebytes
2013-06-19 12:47 - 2013-06-19 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 12:46 - 2013-06-19 12:46 - 00001067 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 12:46 - 2013-06-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-18 18:12 - 2011-11-28 10:22 - 00000000 ____D C:\Program Files\1&1 Surf-Stick
2013-06-18 18:12 - 2011-07-25 12:41 - 00000000 ____D C:\ProgramData\WinClon
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-13 03:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:02 - 2011-11-28 22:41 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 14:05 - 2013-04-20 14:56 - 00000000 ____D C:\hbbk
2013-06-08 13:42 - 2013-06-13 03:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 03:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 03:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 08:29 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 22:59 - 2012-05-24 22:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-03 17:27 - 2013-01-19 21:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:12 - 2009-07-14 06:33 - 00287832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-30 12:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-30 12:02 - 2013-05-30 11:38 - 00000000 ___HD C:\Program Files\Zero G Registry
2013-05-30 11:45 - 2013-05-25 07:12 - 00015155 ____A C:\Windows\IE10_main.log
2013-05-30 11:35 - 2013-05-30 11:35 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-30 11:35 - 2013-05-30 11:35 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-30 11:35 - 2013-05-30 11:35 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-30 11:35 - 2013-05-30 11:35 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-30 11:35 - 2013-05-30 11:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-30 11:35 - 2013-05-30 11:35 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-30 11:35 - 2013-05-30 11:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-30 11:34 - 2013-05-30 11:34 - 00000016 ____A C:\Users\MacDevet\persistent_state
2013-05-30 11:34 - 2013-05-30 11:34 - 00000000 ____D C:\Users\MacDevet\Zero G Registry
2013-05-30 11:34 - 2013-05-30 11:32 - 10211989 ____A (Zero G Software, Inc.) C:\Users\MacDevet\Downloads\Deflectex.exe
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-28 14:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-25 07:24 - 2013-05-25 07:24 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 07:24 - 2013-05-25 07:24 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 00:04

==================== End Of Log ============================
         
--- --- ---


Gruß
Devet

Alt 21.06.2013, 07:33   #10
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.06.2013, 17:53   #11
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



So, nach etwas abwesenheit jetzt endlich den TFC durchlaufen lassen.
Scheint alles geklappt zu haben.

Brauchst du jetzt noch irgendeinen Scan zur Kontrolle oder ist das Thema nun erledigt?

Gruß
Devet

Alt 24.06.2013, 18:46   #12
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.06.2013, 18:52   #13
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



So, alles durchgeführt und mir auch deine Tips zu Herzen genommen bzw. durchgeführt.
Hat soweit alles funktioniert.
Danke nochmals sehr für die super Hilfe.

Gruß
Devet

Alt 26.06.2013, 19:43   #14
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU Trojaner; weitere Schritte nach Systemwiederherstellung
antivir, autorun, avira, bho, bonjour, converter, delta chrome toolbar, down, error, fehler, firefox, flash player, home, install.exe, installation, logfile, mozilla, netzwerk, object, optimizer pro, plug-in, realtek, registry, scan, security, software, speedupmypc, sprotection, teamspeak, trojaner, windows, wlansvc



Ähnliche Themen: GVU Trojaner; weitere Schritte nach Systemwiederherstellung


  1. Freeware-Mitbringsel Juchee! - Weitere Schritte zur Müllentfernung notwendig...
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (12)
  2. OTLogfile Auswertung für weitere Schritte benötigt
    Log-Analyse und Auswertung - 06.12.2013 (10)
  3. Funde durch AdwCleaner...weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (3)
  4. GUV Trojaner mit Sperrbildschirm --> Schritte nach FRST Scan
    Log-Analyse und Auswertung - 01.10.2013 (9)
  5. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  6. Sicherheitslücken in Java: User Groups fordern von Oracle weitere Schritte
    Nachrichten - 07.05.2013 (0)
  7. Avira hat Trojaner "TR/Rogue.KD.853855.1" gefunden und in Quarantäne verschoben --> Sind weitere Schritte notwendig?
    Log-Analyse und Auswertung - 25.02.2013 (11)
  8. GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (8)
  9. Bundesministerium-Trojaner: Malwarebytes durchgeführt, Computer jetzt wieder normal nutzbar? ggf. weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (20)
  10. GVU Trojaner - defooger fehlermeldung und weitere Schritte
    Log-Analyse und Auswertung - 20.10.2012 (30)
  11. Trojan.Banker und Backdoor.Agent mit Malwarebytes entfernt - weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (3)
  12. EXP/CVE-2012-0507 in Quarantäne verschoben! Weitere Schritte notwendig?
    Log-Analyse und Auswertung - 21.04.2012 (36)
  13. Trojaner Log - Weitere Schritte erforderliche
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  14. GEMA-Trojaner mit Tool bereinigt, weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  15. GEMA Virus vorerst bekämpft! Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (1)
  16. Avira meldet den Trojaner Shutdowner.fft - weitere Schritte ?
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (5)
  17. antimalware doctor entfernen-guide befolgt, weitere schritte erforderlich?
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (4)

Zum Thema GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Mahlzeit Forum, Ich habe ein Netbook hier, welches mit dem GVU Trojaner verseucht ist. Systemwiederherstellung ist bereits durchgeführt. Nach eurer Anleitung wurde "defogger" ausgeführt. Im Anschluss OTL durchlaufen lassen. Code: - GVU Trojaner; weitere Schritte nach Systemwiederherstellung...
Archiv
Du betrachtest: GVU Trojaner; weitere Schritte nach Systemwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.