Log analysis and evaluation: PayPal account hacked!

29.09.2012, 23:12   #1
DANBOSS
 

Hi,

I have the following problem: I was just checking my e-mails and got a message from PayPal that a direct debit had been made!
It was an online game key retailer!

I have already submitted the dispute resolution request to PayPal!
What can I do? I'm posting the logs from Malwarebytes and OTL for you:

OTL Logfile:
Code:
OTL logfile created on: 30.09.2012 00:02:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DANBOSS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,51 Gb Available Physical Memory | 85,00% Memory free
31,79 Gb Paging File | 29,17 Gb Available in Paging File | 91,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 624,09 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
Drive F: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,44 Gb Total Space | 5,63 Gb Free Space | 75,73% Space Free | Partition Type: FAT32
 
Computer Name: DANBOSS-PC | User Name: DANBOSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DANBOSS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\CmDevice.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D6 EC 4E 40 77 CD 01  [binary data]
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\..\SearchScopes\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=927c6cf1-e545-43eb-b737-69b9ce829e34&apn_sauid=0D5A5297-E598-4F48-9500-10DED05DBD9A
IE - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://bild.de"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.43
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
 
[2012.08.08 18:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Extensions
[2012.09.29 08:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Firefox\Profiles\u2hxakkn.default\extensions
[2012.08.08 22:04:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.29 08:46:27 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.08.25 15:55:22 | 000,002,474 | ---- | M] () -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\searchplugins\Web Search.xml
[2012.09.27 14:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.27 14:43:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.10 08:55:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 08:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004..\Run: [Spotify Web Helper] C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1004..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2704506077-2312752873-3246057193-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7683B693-F508-44F5-A025-9D346F715662}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.21 06:03:37 | 000,000,084 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{ee2c250a-ee8c-11e1-a41c-bc5ff443b9f2}\Shell - "" = AutoRun
O33 - MountPoints2\{ee2c250a-ee8c-11e1-a41c-bc5ff443b9f2}\Shell\AutoRun\command - "" = F:\raf-sd.exe -- [2012.08.21 05:44:44 | 000,689,679 | R--- | M] (RAF                                                         )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
[2012.09.27 14:52:46 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:22 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.09.27 14:39:12 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2013
[2012.09.27 14:38:46 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:45 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:44 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.27 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Downloaded Installations
[2012.09.27 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Desktop\G Data AntiVirus 2013
[2012.09.26 23:17:49 | 000,000,000 | ---D | C] -- C:\temp
[2012.09.26 23:17:15 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.09.26 23:17:15 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.09.26 23:17:15 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.09.26 23:17:15 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.09.26 23:17:15 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.09.26 23:17:15 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.09.26 23:17:15 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.09.26 23:17:15 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.09.26 23:17:15 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.09.26 23:17:15 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.09.26 23:17:15 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.09.26 23:17:15 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.09.26 23:17:15 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.09.26 23:17:15 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.09.26 23:17:15 | 000,830,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.09.26 23:17:15 | 000,355,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2012.09.26 23:17:15 | 000,308,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2012.09.26 23:17:15 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.09.26 23:17:15 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.09.26 23:17:15 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.09.26 23:17:15 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.09.26 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.09.26 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.09.26 08:35:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Microsoft Help
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.22 19:08:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 19:08:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 19:08:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 19:08:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 19:08:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 19:08:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 19:08:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 19:08:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 19:08:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 19:08:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 19:08:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 19:08:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 19:08:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 19:08:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 19:08:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.22 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.18 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\zdenki
[2012.09.16 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.09.15 00:34:00 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012.09.14 21:51:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.09.14 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13
[2012.09.14 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13 Demo
[2012.09.13 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\PDF24
[2012.09.13 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.09.13 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.09.13 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\pdfforge
[2012.09.13 17:07:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.09.13 17:07:27 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.09.13 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.09.13 16:56:34 | 000,101,376 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2012.09.12 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.09.12 18:34:40 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Nero
[2012.09.12 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.09.12 18:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.09.12 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.09.12 18:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.12 18:29:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.09.12 18:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.09.12 16:29:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 16:29:25 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 16:29:25 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 16:29:25 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.09 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
[2012.09.09 15:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.09.09 15:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\Amazon MP3
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.09.09 11:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.09.05 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.09.05 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012.09.02 10:09:15 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Malwarebytes
[2012.09.02 10:09:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.02 10:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.02 10:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.02 10:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.01 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Renes Schnickschnack
[2012.09.01 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\MPlayer
[2012.09.01 12:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012.09.01 12:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012.09.01 12:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012.09.01 12:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.09.01 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.09.01 09:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.01 09:33:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.01 09:33:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.01 09:33:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.01 09:33:30 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.01 09:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.29 23:50:25 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 23:50:25 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 23:47:40 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.29 23:47:40 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.29 23:47:40 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.29 23:47:40 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.29 23:47:40 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 23:43:28 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.09.29 23:43:16 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.09.29 23:43:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.29 23:43:07 | 4211,617,790 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.29 23:23:44 | 000,811,160 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.09.29 23:23:44 | 000,044,513 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.09.29 23:14:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.29 16:03:43 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.29 16:03:43 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.29 16:03:34 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.29 13:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.09.27 21:54:30 | 000,007,597 | ---- | M] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 20:33:22 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.27 20:33:22 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.27 19:58:41 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:52:46 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:24 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:43:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:43:22 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:43:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:39 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:59:51 | 000,001,090 | ---- | M] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.26 17:30:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.22 16:44:58 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:43 | 003,043,019 | ---- | M] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:56 | 000,729,428 | ---- | M] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | M] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 11:37:00 | 000,277,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.01 13:54:21 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.09.01 09:33:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.01 09:33:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.01 09:33:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.01 09:33:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.01 09:33:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.01 09:33:28 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.29 23:14:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 09:00:20 | 000,811,160 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 09:00:20 | 000,044,513 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.27 21:54:30 | 000,007,597 | ---- | C] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:38:39 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:55:56 | 000,001,090 | ---- | C] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.22 16:44:58 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:40 | 003,043,019 | ---- | C] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:55 | 000,729,428 | ---- | C] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | C] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.09 21:01:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.09 21:01:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.09 21:01:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.08 19:32:46 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.08.08 19:32:46 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.08.08 19:05:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.08.08 19:05:16 | 000,097,700 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.08.08 19:05:12 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.08.08 19:05:12 | 000,000,933 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.08.06 14:10:53 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 14:10:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 14:10:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 14:10:50 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.06 13:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Malwarebytes

Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DANBOSS :: DANBOSS-PC [limitiert]

29.09.2012 23:18:06
adware.txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238693
Laufzeit: 8 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\DANBOSS\Downloads\3DMark 11 1.0.1.exe (Adware.Solimba.Lame) (unfortunately I have already deleted it; it was a green bug marked as adware!) -> Keine Aktion durchgeführt.

(Ende)
I hope I did everything correctly. In case you're still interested, I also just received an unusual e-mail:

Greetings!

It has come to our attention that you are trying to sell your personal Diablo III account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:
https://us.battle.net/login/en/?ref=http%3A%2F%2Fus.battle.net%2Fd3%2Fen%2Findex&app=com-d3[]Battle.net Account Login

Login to your account, In accordance following template to verify your account.

* First and Surname
* Secret Question and Answer
Show * Please enter the correct information

If you ignore this mail your account can and will be closed permanently.
Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment
hxxp://www.blizzard.com/support/[hxxp://www.blizzard.com/support/]
Diablo III , Blizzard Entertainment 2012

But I don't have a Diablo account at all!
I hope it's not too bad!

Thanks in advance!

I would really appreciate your help!

The board is pretty busy, so I'm bumping the thread!

Alt 01.10.2012, 07:04   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.
__________________

Alt 02.10.2012, 20:42   #3
DANBOSS
 



OK, here is the text file!

Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 21:23:55
-----------------------------
21:23:55.385 OS Version: Windows x64 6.1.7601 Service Pack 1
21:23:55.385 Number of processors: 8 586 0x3A09
21:23:55.385 ComputerName: DANBOSS-PC UserName: DANBOSS
21:23:58.524 Initialize success
21:24:30.884 AVAST engine defs: 12100200
21:24:39.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:24:39.760 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
21:24:39.770 Disk 0 MBR read successfully
21:24:39.770 Disk 0 MBR scan
21:24:39.818 Disk 0 Windows 7 default MBR code
21:24:39.825 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:24:39.834 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
21:24:39.854 Disk 0 scanning C:\Windows\system32\drivers
21:24:52.792 Service scanning
21:25:14.677 Modules scanning
21:25:14.684 Disk 0 trace - called modules:
21:25:14.698 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys
21:25:14.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800db4b790]
21:25:14.708 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d93b340]
21:25:21.547 AVAST engine scan C:\Windows
21:25:23.653 AVAST engine scan C:\Windows\system32
21:29:04.457 AVAST engine scan C:\Windows\system32\drivers
21:29:38.296 AVAST engine scan C:\Users\DANBOSS
21:35:16.794 AVAST engine scan C:\ProgramData
21:35:44.332 Scan finished successfully
21:39:32.056 Disk 0 MBR has been saved successfully to "C:\Users\DANBOSS\Desktop\MBR.dat"
21:39:32.059 The log file has been saved successfully to "C:\Users\DANBOSS\Desktop\aswMBR.txt"


Regards
__________________

Alt 02.10.2012, 20:43   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please use code tags

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 02.10.2012, 21:00   #5
DANBOSS
 



OK, after the scan and restart I have the virus scanner turned on again; that's fine, right?

And now for the scan:

Code:
ATTFilter
ComboFix 12-10-02.02 - DANBOSS 02.10.2012  21:48:12.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16278.13081 [GMT 2:00]
ausgeführt von:: c:\users\DANBOSS\Downloads\ComboFix.exe
AV: G Data AntiVirus 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\tmpD7E7.tmp
c:\windows\SysWow64\tmpD7E8.tmp
c:\windows\SysWow64\tmpEFE.tmp
c:\windows\SysWow64\tmpEFF.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-02 bis 2012-10-02  ))))))))))))))))))))))))))))))
.
.
2012-10-02 19:51 . 2012-10-02 19:51	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-10-02 19:51 . 2012-10-02 19:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-02 19:51 . 2012-10-02 19:51	--------	d-----w-	c:\users\User\AppData\Local\temp
2012-10-02 19:26 . 2012-09-18 22:58	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2BCC21B-A434-4FAC-B93D-02C8FECB5655}\mpengine.dll
2012-09-29 17:24 . 2012-10-02 19:21	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2012-09-28 07:00 . 2012-10-02 19:26	813153	----a-w-	c:\windows\SysWow64\sig.bin
2012-09-27 13:28 . 2012-09-27 13:28	--------	d-----w-	c:\program files (x86)\COMPUTERBILD-Abzockschutz
2012-09-27 12:52 . 2012-09-27 12:52	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-09-27 12:52 . 2012-09-27 12:52	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-09-27 12:43 . 2012-05-29 07:24	10792	----a-w-	c:\windows\SysWow64\GdScrSv.de.dll
2012-09-27 12:39 . 2012-09-27 12:43	60320	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-09-27 12:38 . 2012-08-10 03:21	51224	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll
2012-09-27 12:38 . 2012-09-27 12:43	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-09-27 12:38 . 2012-09-27 12:38	64376	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2012-09-27 12:38 . 2012-09-27 12:43	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-09-27 12:38 . 2012-09-27 12:43	64416	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-09-27 12:38 . 2012-09-27 12:48	--------	d-----w-	c:\programdata\G DATA
2012-09-27 12:38 . 2012-09-27 12:43	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2012-09-27 12:38 . 2012-09-27 12:38	--------	d-----w-	c:\program files (x86)\G Data
2012-09-27 12:37 . 2012-09-27 12:37	--------	d-----w-	c:\users\DANBOSS\AppData\Local\Downloaded Installations
2012-09-26 20:55 . 2012-09-26 20:56	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2012-09-26 06:35 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-23 17:15 . 2012-09-23 17:15	--------	d-----w-	c:\programdata\Microsoft Help
2012-09-23 17:15 . 2012-09-23 17:15	--------	d-----w-	c:\users\DANBOSS\AppData\Local\Microsoft Help
2012-09-22 15:32 . 2012-09-22 15:32	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-09-18 15:36 . 2012-09-18 15:36	--------	d-----w-	c:\users\DANBOSS\zdenki
2012-09-16 13:20 . 2012-09-16 13:20	--------	d-----w-	c:\programdata\Codemasters
2012-09-14 22:34 . 2012-09-14 22:34	--------	d-----w-	c:\users\DANBOSS\AppData\Roaming\MotioninJoy
2012-09-14 22:34 . 2012-09-14 22:34	--------	d-----w-	c:\program files\MotioninJoy
2012-09-14 22:34 . 2010-05-03 14:12	328712	----a-w-	c:\windows\system32\MijFrc.dll
2012-09-14 19:51 . 2012-09-14 19:51	--------	d-sh--w-	c:\programdata\DSS
2012-09-13 15:18 . 2012-09-13 15:18	--------	d-----w-	c:\users\DANBOSS\AppData\Local\PDF24
2012-09-13 15:18 . 2012-09-13 15:18	--------	d-----w-	c:\program files (x86)\PDF24
2012-09-13 15:07 . 2012-09-13 15:15	--------	d-----w-	c:\users\DANBOSS\AppData\Roaming\pdfforge
2012-09-13 15:07 . 2012-09-13 15:15	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-09-13 15:07 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-09-13 15:07 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-09-13 14:56 . 2012-09-13 14:56	--------	d-----w-	c:\program files (x86)\epson
2012-09-13 14:56 . 2007-03-26 22:00	101376	----a-w-	c:\windows\system32\esxcwiad.dll
2012-09-12 16:34 . 2012-09-12 16:34	--------	d-----w-	c:\programdata\LightScribe
2012-09-12 16:34 . 2012-09-12 16:34	--------	d-----w-	c:\users\DANBOSS\AppData\Roaming\Nero
2012-09-12 16:33 . 2012-09-12 16:33	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-09-12 16:33 . 2012-09-12 16:34	--------	d-----w-	c:\program files (x86)\Nero
2012-09-12 16:33 . 2012-09-12 16:34	--------	d-----w-	c:\programdata\Nero
2012-09-12 16:29 . 2012-09-12 16:29	--------	d-----w-	c:\program files (x86)\Common Files\LightScribe
2012-09-12 14:29 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 14:29 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:29 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:29 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 14:29 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:29 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 14:29 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-10 06:55 . 2012-09-10 06:55	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-09 13:09 . 2012-09-09 16:13	--------	d-----w-	c:\users\DANBOSS\AppData\Roaming\TS3Client
2012-09-09 13:08 . 2012-09-09 13:09	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2012-09-09 11:27 . 2012-09-09 11:27	--------	d-----w-	c:\users\DANBOSS\AppData\Roaming\Amazon
2012-09-09 11:27 . 2012-09-09 11:27	--------	d-----w-	c:\program files (x86)\Amazon
2012-09-09 09:22 . 2012-09-09 09:22	--------	d-----w-	c:\programdata\Tarma Installer
2012-09-05 15:19 . 2012-09-05 15:20	--------	d-----w-	c:\program files\Microsoft IntelliType Pro
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 19:21 . 2012-08-06 12:44	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2012-09-30 13:20 . 2012-08-09 19:01	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-30 13:20 . 2012-08-09 18:50	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-30 13:19 . 2012-08-09 18:25	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-09-27 18:33 . 2012-08-08 16:43	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 18:33 . 2012-08-08 16:43	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-26 15:30 . 2012-08-09 19:01	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-09-12 16:57 . 2012-08-17 17:32	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2012-09-02 08:09	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-01 07:33 . 2012-09-01 07:33	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 07:33 . 2012-08-11 00:00	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 07:33 . 2012-08-11 00:00	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-30 19:14 . 2012-08-07 07:03	971624	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-08-07 07:03	14879080	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-08-07 07:03	12465512	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2012-08-07 07:03	2725224	----a-w-	c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-08-07 07:03	2422120	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-08-07 07:03	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-08-07 07:03	15291752	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-08-30 16:18 . 2012-08-07 07:04	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-08-07 07:04	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-08-07 07:04	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-08-07 07:04	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-08-07 07:04	3487434	----a-w-	c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-08-07 07:04	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-08-07 07:04	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-08-25 12:31 . 2012-08-25 12:31	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-14 19:26 . 2012-08-14 19:26	29184	----a-r-	c:\users\DANBOSS\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-08-14 07:11 . 2012-08-14 07:11	71680	----a-w-	c:\windows\system32\frapsv64.dll
2012-08-14 07:11 . 2012-08-14 07:11	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2012-08-09 21:36 . 2012-08-09 21:36	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-08-09 21:36 . 2012-08-09 21:36	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-09 21:36 . 2012-08-09 21:36	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-09 21:36 . 2012-08-09 21:36	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-08-09 21:36 . 2012-08-09 21:36	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-08-09 21:36 . 2012-08-09 21:36	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-08-09 21:36 . 2012-08-09 21:36	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-08-09 21:36 . 2012-08-09 21:36	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-08-09 21:36 . 2012-08-09 21:36	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-08-09 21:36 . 2012-08-09 21:36	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-08-09 21:36 . 2012-08-09 21:36	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-08-09 21:36 . 2012-08-09 21:36	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-08-09 21:36 . 2012-08-09 21:36	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-08-09 21:36 . 2012-08-09 21:36	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-08-09 21:36 . 2012-08-09 21:36	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-08-09 21:36 . 2012-08-09 21:36	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-08-09 21:36 . 2012-08-09 21:36	82432	----a-w-	c:\windows\system32\icardie.dll
2012-08-09 21:36 . 2012-08-09 21:36	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-08-09 21:36 . 2012-08-09 21:36	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-08-09 21:36 . 2012-08-09 21:36	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-08-09 21:36 . 2012-08-09 21:36	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-08-09 21:36 . 2012-08-09 21:36	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-08-09 21:36 . 2012-08-09 21:36	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-08-09 21:36 . 2012-08-09 21:36	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-08-09 21:36 . 2012-08-09 21:36	448512	----a-w-	c:\windows\system32\html.iec
2012-08-09 21:36 . 2012-08-09 21:36	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-08-09 21:36 . 2012-08-09 21:36	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-08-09 21:36 . 2012-08-09 21:36	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-08-09 21:36 . 2012-08-09 21:36	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-08-09 21:36 . 2012-08-09 21:36	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-09 21:36 . 2012-08-09 21:36	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-08-09 21:36 . 2012-08-09 21:36	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-08-09 21:36 . 2012-08-09 21:36	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-08-09 21:36 . 2012-08-09 21:36	222208	----a-w-	c:\windows\system32\msls31.dll
2012-08-09 21:36 . 2012-08-09 21:36	197120	----a-w-	c:\windows\system32\msrating.dll
2012-08-09 21:36 . 2012-08-09 21:36	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-08-09 21:36 . 2012-08-09 21:36	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-08-09 21:36 . 2012-08-09 21:36	160256	----a-w-	c:\windows\system32\wextract.exe
2012-08-09 21:36 . 2012-08-09 21:36	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-08-09 21:36 . 2012-08-09 21:36	149504	----a-w-	c:\windows\system32\occache.dll
2012-08-09 21:36 . 2012-08-09 21:36	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-08-09 21:36 . 2012-08-09 21:36	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-08-09 21:36 . 2012-08-09 21:36	12288	----a-w-	c:\windows\system32\mshta.exe
2012-08-09 21:36 . 2012-08-09 21:36	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-08-09 21:36 . 2012-08-09 21:36	114176	----a-w-	c:\windows\system32\admparse.dll
2012-08-09 21:36 . 2012-08-09 21:36	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-09 21:36 . 2012-08-09 21:36	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-08-09 21:36 . 2012-08-09 21:36	103936	----a-w-	c:\windows\system32\inseng.dll
2012-08-09 21:36 . 2012-08-09 21:36	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-08-09 18:59 . 2012-08-09 19:01	840264	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-08-08 17:32 . 2012-08-08 17:05	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2012-08-08 17:32 . 2012-08-08 17:05	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-08-08 17:32 . 2012-08-08 17:05	111616	----a-w-	c:\windows\system32\OpenAL32.dll
2012-08-08 17:32 . 2012-08-08 17:05	102400	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-08-06 12:14 . 2010-06-24 09:33	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-15 14:19	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 14:19	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 14:19	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 14:19	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 14:19	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-18 1193176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-08 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2012-09-17 995352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ALSysIO;ALSysIO;c:\users\DANBOSS\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-22 276248]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-27 60320]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys [2011-09-21 49760]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-27 54176]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-25 283200]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-27 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-27 64416]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-09-27 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-09-27 64376]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-10-02 34752]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2012-10-01 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=hp&babsrc=lnkry_nt
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://bild.de
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-02  21:53:10
ComboFix-quarantined-files.txt  2012-10-02 19:53
.
Vor Suchlauf: 12 Verzeichnis(se), 679.871.258.624 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 680.673.333.248 Bytes frei
.
- - End Of File - - C14B2B558D55DFAEDF964603F13730BA
         


03.10.2012, 06:26   #6
schrauber
/// the machine
/// TB trainer



Hi,

Have you changed all your passwords from a different system?

Was the amount really debited?



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


03.10.2012, 10:33   #7
DANBOSS



Hi,

First of all, many, many thanks for your help so far; I'm really impressed by how you all donate your precious free time here.

Quote:
Have you changed all your passwords from a different system?

Was the amount really debited?

So far I have only changed my PayPal password, and unfortunately not from another system; I don't have that option.

As I said, PayPal has provisionally credited the amount to my PayPal account for now, but the merchant has already collected the direct debit. I objected to it again straight away yesterday and had the amount credited back; I'm curious what comes of it. I may still have to go to the police and file a report!

And one more question: can you see anything so far?

Now to the scan:

Code:
C:\Users\DANBOSS\Downloads\WinZip165International.exe	a variant of Win32/OpenInstall application
         

03.10.2012, 15:19   #8
schrauber
/// the machine
/// TB trainer



Just a few entries that were deleted. Most of the time such accounts are hacked online, that is, without your computer being involved.

Please post a fresh OTL logfile as well. Any other anomalies with the system?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.10.2012, 16:40   #9
DANBOSS



So far everything is running smooth as buttercream!

No anomalies. We did run all the scans but made no "fixes" whatsoever; what about this "Win32/OpenInstall application"?

OTL:

Code:
OTL logfile created on: 03.10.2012 17:32:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DANBOSS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 12,42 Gb Available Physical Memory | 78,15% Memory free
31,79 Gb Paging File | 27,89 Gb Available in Paging File | 87,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 625,94 Gb Free Space | 67,20% Space Free | Partition Type: NTFS
Drive F: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANBOSS-PC | User Name: DANBOSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Users\DANBOSS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\ManyCam\bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Users\DANBOSS\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5DF1.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5DCF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5D9F.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5D6E.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5D4D.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5D2B.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5D0A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5CE9.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5CD7.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5CA7.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5C95.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5E67.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5E46.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5E34.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5E22.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5C74.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5C53.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5C31.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5C10.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5BDF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5BBE.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5A36.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5A03.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM59D2.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM58A7.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5886.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5930.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5991.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5960.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM591E.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM58DA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM58FD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM58EB.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM58B8.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\YTMP7MC8AA\TAA5A04.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5843.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5832.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5830.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM580C.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM57FB.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM57E9.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5784.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM57D8.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM580E.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM5855.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM57A5.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM57B6.tmp ()
MOD - C:\Program Files (x86)\ManyCam\bin\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\ManyCam\bin\opencv_objdetect220.dll ()
MOD - C:\Program Files (x86)\ManyCam\bin\opencv_highgui220.dll ()
MOD - C:\Program Files (x86)\ManyCam\bin\opencv_video220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\CmDevice.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D6 EC 4E 40 77 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=927c6cf1-e545-43eb-b737-69b9ce829e34&apn_sauid=0D5A5297-E598-4F48-9500-10DED05DBD9A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://bild.de"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.43
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
 
[2012.08.08 18:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Extensions
[2012.10.03 12:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Firefox\Profiles\u2hxakkn.default\extensions
[2012.10.03 12:24:47 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Firefox\Profiles\u2hxakkn.default\extensions\toolbar@ask.com
[2012.08.08 22:04:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.29 08:46:27 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.08.25 15:55:22 | 000,002,474 | ---- | M] () -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\searchplugins\Web Search.xml
[2012.09.27 14:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.27 14:43:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.10 08:55:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 08:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.02 21:51:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7683B693-F508-44F5-A025-9D346F715662}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.21 06:03:37 | 000,000,084 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.03 12:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.10.03 12:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.10.03 12:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.10.03 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.10.03 10:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 21:47:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.02 21:47:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.02 21:47:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.02 21:47:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.02 21:47:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
[2012.09.27 14:52:46 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:22 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.09.27 14:39:12 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2013
[2012.09.27 14:38:46 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:45 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:44 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.27 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Downloaded Installations
[2012.09.27 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Desktop\G Data AntiVirus 2013
[2012.09.26 23:17:49 | 000,000,000 | ---D | C] -- C:\temp
[2012.09.26 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.09.26 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Microsoft Help
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.22 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.18 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\zdenki
[2012.09.16 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012.09.14 21:51:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.09.14 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13
[2012.09.14 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13 Demo
[2012.09.13 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\PDF24
[2012.09.13 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.09.13 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.09.13 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\pdfforge
[2012.09.13 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.09.12 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.09.12 18:34:40 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Nero
[2012.09.12 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.09.12 18:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.09.12 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.09.12 18:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.12 18:29:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.09.12 18:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.09.09 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
[2012.09.09 15:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.09.09 15:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\Amazon MP3
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.09.09 11:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.09.05 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.09.05 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.03 16:49:18 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.03 13:33:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.10.03 13:23:09 | 000,813,996 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.03 13:23:09 | 000,044,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.03 12:24:20 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.10.03 10:27:34 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 10:27:34 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 10:24:34 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.03 10:24:34 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.03 10:24:34 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.03 10:24:34 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.03 10:24:34 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.03 10:20:31 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.03 10:19:57 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.10.03 10:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.03 10:19:46 | 4211,617,790 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.02 21:51:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.02 21:39:32 | 000,000,512 | ---- | M] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 21:54:30 | 000,007,597 | ---- | M] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:52:46 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:24 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:43:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:43:22 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:43:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:39 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:59:51 | 000,001,090 | ---- | M] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.26 17:30:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.22 16:44:58 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:43 | 003,043,019 | ---- | M] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:56 | 000,729,428 | ---- | M] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | M] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 11:37:00 | 000,277,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.03 12:24:20 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.10.02 21:47:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.02 21:47:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.02 21:47:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.02 21:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.02 21:47:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.02 21:39:32 | 000,000,512 | ---- | C] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 09:00:20 | 000,813,996 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 09:00:20 | 000,044,592 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.27 21:54:30 | 000,007,597 | ---- | C] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:38:39 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:55:56 | 000,001,090 | ---- | C] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.22 16:44:58 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:40 | 003,043,019 | ---- | C] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:55 | 000,729,428 | ---- | C] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | C] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.09 21:01:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.09 21:01:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.09 21:01:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.08 19:32:46 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.08.08 19:32:46 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.08.08 19:05:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.08.08 19:05:16 | 000,097,700 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.08.08 19:05:12 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.08.08 19:05:12 | 000,000,933 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.08.06 14:10:53 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 14:10:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 14:10:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 14:10:50 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.06 13:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.09 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.08.08 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ASUS
[2012.08.25 14:33:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\DAEMON Tools Lite
[2012.08.25 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Fanda Games
[2012.10.03 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.09.15 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.08.19 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Need for Speed World
[2012.08.25 14:31:31 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\OpenCandy
[2012.08.09 07:39:13 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Origin
[2012.09.13 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\pdfforge
[2012.09.25 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\SoftGrid Client
[2012.10.03 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Spotify
[2012.08.08 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TP
[2012.09.09 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

03.10.2012, 18:26   #10
schrauber
/// the machine
/// TB trainer
 




Quote:
Nothing unusual; we did run all the scans, but made no "fixes" at all
He's simply lying to me there. Combofix did remove something.

Quote:
What about this "Win32/OpenInstall application"?
You can delete it.

But we're not done yet.



Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe
Code:
ATTFilter
:Commands
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL will require a restart. Please allow it.
  • After the restart you will find a text document.




Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.




  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



A fresh OTL log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.10.2012, 16:06   #11
DANBOSS
 



So, the vacuum cleaner did a good job sucking things up:

OTL:
Code:
ATTFilter
All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: DANBOSS
->Temp folder emptied: 31682434 bytes
->Temporary Internet Files folder emptied: 69059843 bytes
->Java cache emptied: 5272631 bytes
->FireFox cache emptied: 65744121 bytes
->Flash cache emptied: 1887 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36099223 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 198,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10042012_164826

Files\Folders moved on Reboot...
C:\Users\DANBOSS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
AdwCleaner (R1):
Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/04/2012 um 16:53:36 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : DANBOSS - DANBOSS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DANBOSS\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\DANBOSS\AppData\Local\Wajam
Ordner Gefunden : C:\Users\DANBOSS\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\DANBOSS\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\DANBOSS\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-2704506077-2312752873-3246057193-1004\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=hp&babsrc=lnkry_nt
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&u[...]

*************************

AdwCleaner[R1].txt - [6116 octets] - [04/10/2012 16:53:36]

########## EOF - C:\AdwCleaner[R1].txt - [6176 octets] ##########
         
AdwCleaner (S1):
Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/04/2012 um 16:55:06 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : DANBOSS - DANBOSS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DANBOSS\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\DANBOSS\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\DANBOSS\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\DANBOSS\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\DANBOSS\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-2704506077-2312752873-3246057193-1003\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f8986b86-2f8a-4860-a0a3-cd43b93a3f09&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\DANBOSS\AppData\Roaming\Mozilla\Firefox\Profiles\u2hxakkn.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&u[...]

*************************

AdwCleaner[R1].txt - [6231 octets] - [04/10/2012 16:53:36]
AdwCleaner[S1].txt - [6871 octets] - [04/10/2012 16:55:06]

########## EOF - C:\AdwCleaner[S1].txt - [6931 octets] ##########
         
OTL (last scan):
Code:
OTL logfile created on: 04.10.2012 16:58:32 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DANBOSS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 86,52% Memory free
31,79 Gb Paging File | 29,42 Gb Available in Paging File | 92,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 626,08 Gb Free Space | 67,22% Space Free | Partition Type: NTFS
Drive F: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANBOSS-PC | User Name: DANBOSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DANBOSS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\DANBOSS\AppData\Local\Temp\YTMP7MC8AA\TAA9595.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9264.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9243.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9231.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9210.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91EF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91DD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91CC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91BA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9199.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9187.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9166.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9154.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9143.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9131.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9110.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90EF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90DD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90CC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90AA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9088.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM929C.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM929A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9288.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9286.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9063.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9077.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9075.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9051.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F2F.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F2D.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F19.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F07.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EF6.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EE2.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EE0.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8ECF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EA7.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8ECD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F42.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F65.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EF4.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F1B.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EB9.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EBB.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F54.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F40.tmp ()
MOD - C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll ()
MOD - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\CmDevice.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D6 EC 4E 40 77 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=927c6cf1-e545-43eb-b737-69b9ce829e34&apn_sauid=0D5A5297-E598-4F48-9500-10DED05DBD9A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://bild.de"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.43
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
 
[2012.08.08 18:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Extensions
[2012.10.04 16:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Firefox\Profiles\u2hxakkn.default\extensions
[2012.08.08 22:04:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.29 08:46:27 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.09.27 14:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.27 14:43:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.10 08:55:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 08:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.02 21:51:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7683B693-F508-44F5-A025-9D346F715662}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.21 06:03:37 | 000,000,084 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 16:48:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.03 17:51:43 | 000,000,000 | ---D | C] -- C:\Windows\DISHONOR Libs
[2012.10.03 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\iScreensaver
[2012.10.03 12:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.10.03 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.10.03 10:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 21:47:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.02 21:47:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.02 21:47:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.02 21:47:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.02 21:47:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
[2012.09.27 14:52:46 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:22 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.09.27 14:39:12 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2013
[2012.09.27 14:38:46 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:45 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:44 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.27 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Downloaded Installations
[2012.09.27 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Desktop\G Data AntiVirus 2013
[2012.09.26 23:17:49 | 000,000,000 | ---D | C] -- C:\temp
[2012.09.26 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.09.26 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Microsoft Help
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.22 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.18 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\zdenki
[2012.09.16 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012.09.14 21:51:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.09.14 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13
[2012.09.14 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13 Demo
[2012.09.13 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\PDF24
[2012.09.13 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.09.13 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.09.13 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.09.12 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.09.12 18:34:40 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Nero
[2012.09.12 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.09.12 18:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.09.12 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.09.12 18:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.12 18:29:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.09.12 18:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.09.09 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
[2012.09.09 15:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.09.09 15:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\Amazon MP3
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.09.05 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.09.05 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 16:56:39 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.04 16:56:30 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.10.04 16:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 16:56:20 | 4211,617,790 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 16:55:46 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 16:55:46 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 16:55:15 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.04 16:55:15 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.04 16:55:15 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.04 16:55:15 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.04 16:55:15 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.04 16:23:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.10.03 17:51:44 | 011,870,260 | ---- | M] () -- C:\Windows\DISHONOR.sCr
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.03 16:49:18 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.03 13:23:09 | 000,813,996 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.03 13:23:09 | 000,044,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.02 21:51:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.02 21:39:32 | 000,000,512 | ---- | M] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 21:54:30 | 000,007,597 | ---- | M] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:52:46 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:24 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:43:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:43:22 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:43:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:39 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:59:51 | 000,001,090 | ---- | M] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.26 17:30:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.22 16:44:58 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:43 | 003,043,019 | ---- | M] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:56 | 000,729,428 | ---- | M] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | M] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 11:37:00 | 000,277,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.03 17:51:32 | 011,870,260 | ---- | C] () -- C:\Windows\DISHONOR.sCr
[2012.10.02 21:47:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.02 21:47:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.02 21:47:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.02 21:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.02 21:47:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.02 21:39:32 | 000,000,512 | ---- | C] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 09:00:20 | 000,813,996 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 09:00:20 | 000,044,592 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.27 21:54:30 | 000,007,597 | ---- | C] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:38:39 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:55:56 | 000,001,090 | ---- | C] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.22 16:44:58 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:40 | 003,043,019 | ---- | C] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:55 | 000,729,428 | ---- | C] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | C] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.09 21:01:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.09 21:01:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.09 21:01:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.08 19:32:46 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.08.08 19:32:46 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.08.08 19:05:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.08.08 19:05:16 | 000,097,700 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.08.08 19:05:12 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.08.08 19:05:12 | 000,000,933 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.08.06 14:10:53 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 14:10:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 14:10:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 14:10:50 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.06 13:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.09 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.08.08 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ASUS
[2012.08.25 14:33:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\DAEMON Tools Lite
[2012.08.25 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Fanda Games
[2012.10.03 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\iScreensaver
[2012.10.03 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.09.15 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.08.19 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Need for Speed World
[2012.08.09 07:39:13 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Origin
[2012.09.25 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\SoftGrid Client
[2012.10.03 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Spotify
[2012.08.08 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TP
[2012.09.09 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 04.10.2012, 16:55   #12
schrauber
/// the machine
/// TB instructor
 



Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
MOD - C:\Users\DANBOSS\AppData\Local\Temp\YTMP7MC8AA\TAA9595.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9264.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9243.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9231.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9210.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91EF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91DD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91CC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM91BA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9199.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9187.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9166.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9154.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9143.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9131.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9110.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90EF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90DD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90CC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM90AA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9088.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM929C.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM929A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9288.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9286.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9063.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9077.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9075.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM9051.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F2F.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F2D.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F19.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F07.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EF6.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EE2.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EE0.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8ECF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EA7.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8ECD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F42.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F65.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EF4.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F1B.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EB9.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8EBB.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F54.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEM8F40.tmp ()
IE - HKCU\..\SearchScopes\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=927c6cf1-e545-43eb-b737-69b9ce829e34&apn_sauid=0D5A5297-E598-4F48-9500-10DED05DBD9A
O4 - HKLM..\Run: []  File not found
:Commands
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will request a reboot. Please allow it.
  • After the reboot you will find a text document.


And a fresh OTL log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 05.10.2012, 16:11   #13
DANBOSS
 


Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58EAF69B-8A2A-4ECE-8F15-B3D0A6E9B14B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: DANBOSS
->Temp folder emptied: 7936833 bytes
->Temporary Internet Files folder emptied: 35775 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38442160 bytes
->Flash cache emptied: 708 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 44,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10052012_170800

Files\Folders moved on Reboot...
C:\Users\DANBOSS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
OTL-LOG:

Code:
ATTFilter
OTL logfile created on: 05.10.2012 17:12:22 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DANBOSS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,61 Gb Available Physical Memory | 85,59% Memory free
31,79 Gb Paging File | 29,28 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 626,05 Gb Free Space | 67,21% Space Free | Partition Type: NTFS
Drive F: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANBOSS-PC | User Name: DANBOSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DANBOSS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\winamp.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\vis_milk2.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\vis_avs.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_wifi.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_ipod.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ombrowser.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_android.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\out_ds.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_wire.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_usb.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\vis_nsfs.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\out_wave.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\tagz.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\out_disk.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_activesync.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\winampa.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_p4s.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\pmp_njb.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\playlist.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\burnlib.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_local.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_disc.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_pmp.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_jumpex_original.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_jumpex.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_plg.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_classicart.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_mp3.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_ff.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_ml.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_midi.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_mod.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_wm.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_play_remove.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_online.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_cdda.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\dsp_sps.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_playlists.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_nsv.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_skinmanager.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_hotkeys.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_vorbis.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_undo.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\auth.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_timerestore.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_downloads.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_nopro.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_history.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_devices.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_transcode.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_tray.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_orgler.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_crasher.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_autotag.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_wav.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_dshow.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_fhgaac.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_wma.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_wave.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_flac.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_lame.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_rg.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_impex.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_bookmarks.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_mp4.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_avi.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_enqplay.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_wv.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_mkv.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_orb.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\gen_find_on_disk.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_wav.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_vorbis.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\enc_flac.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_nowplaying.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\ml_addons.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_swf.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_linein.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\WLZ9AA9.tmp\in_flv.lng ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF388.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF367.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF354.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF332.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF321.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF30F.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF2DE.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF2BD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF27D.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF25C.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF24A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF1EA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF1D9.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF3D0.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF3CE.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF3BC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF3BA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\YTMP7MC8AA\TAAF365.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF15A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF11A.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF108.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF0F6.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF0E5.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF0D3.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF0B1.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFD4.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFC3.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFAF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFAD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFAB.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF97.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF86.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF74.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF4D.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFFF.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF023.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMF011.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFFD.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF72.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFD8.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFEC.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF99.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFC1.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF4F.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEF61.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFEA.tmp ()
MOD - C:\Users\DANBOSS\AppData\Local\Temp\XTMP1MC3VE\DEMEFD6.tmp ()
MOD - C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\jpeg.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\xml.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\png.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\playlist.w5s ()
MOD - C:\Program Files (x86)\Winamp\tataki.dll ()
MOD - C:\Program Files (x86)\Winamp\zlib.dll ()
MOD - C:\Program Files (x86)\Winamp\System\timer.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\tagz.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\gracenote.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\primo.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\auth.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\devices.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\albumart.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\gif.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\bmp.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\dlmgr.w5s ()
MOD - C:\Program Files (x86)\Winamp\System\filereader.w5s ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\out_disk.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_avi.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_flac.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_flv.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_swf.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files (x86)\Winamp\nsutil.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - C:\Program Files (x86)\Winamp\libsndfile.dll ()
MOD - C:\Program Files (x86)\Winamp\nde.dll ()
MOD - C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Programme\ASUS Xonar DX Audio\Customapp\CmDevice.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 D6 EC 4E 40 77 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://bild.de"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.43
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 08:55:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 17:35:34 | 000,000,000 | ---D | M]
 
[2012.08.08 18:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Extensions
[2012.10.04 16:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\Firefox\Profiles\u2hxakkn.default\extensions
[2012.08.08 22:04:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.29 08:46:27 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\DANBOSS\AppData\Roaming\mozilla\firefox\profiles\u2hxakkn.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.09.27 14:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.27 14:43:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.10 08:55:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 08:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.02 21:51:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7683B693-F508-44F5-A025-9D346F715662}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.21 06:03:37 | 000,000,084 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 16:48:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.03 17:51:43 | 000,000,000 | ---D | C] -- C:\Windows\DISHONOR Libs
[2012.10.03 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\iScreensaver
[2012.10.03 12:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\ManyCam
[2012.10.03 12:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.10.03 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.10.03 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.10.03 10:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 21:47:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.02 21:47:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.02 21:47:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.02 21:47:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.02 21:47:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
[2012.09.27 14:52:46 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:22 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.09.27 14:39:12 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2013
[2012.09.27 14:38:46 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:45 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:44 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.27 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.27 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Downloaded Installations
[2012.09.27 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Desktop\G Data AntiVirus 2013
[2012.09.26 23:17:49 | 000,000,000 | ---D | C] -- C:\temp
[2012.09.26 23:17:15 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.09.26 23:17:15 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.09.26 23:17:15 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.09.26 23:17:15 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.09.26 23:17:15 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.09.26 23:17:15 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.09.26 23:17:15 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.09.26 23:17:15 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.09.26 23:17:15 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.09.26 23:17:15 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.09.26 23:17:15 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.09.26 23:17:15 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.09.26 23:17:15 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.09.26 23:17:15 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.09.26 23:17:15 | 000,830,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.09.26 23:17:15 | 000,355,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2012.09.26 23:17:15 | 000,308,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2012.09.26 23:17:15 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.09.26 23:17:15 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.09.26 23:17:15 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.09.26 23:17:15 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.09.26 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.09.26 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.09.26 08:35:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\Microsoft Help
[2012.09.23 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.22 19:08:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 19:08:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 19:08:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 19:08:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 19:08:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 19:08:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 19:08:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 19:08:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 19:08:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 19:08:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 19:08:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 19:08:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 19:08:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 19:08:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 19:08:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.22 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.18 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\zdenki
[2012.09.16 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.09.15 00:34:00 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012.09.15 00:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012.09.14 21:51:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.09.14 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13
[2012.09.14 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\FIFA 13 Demo
[2012.09.13 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Local\PDF24
[2012.09.13 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.09.13 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.09.13 17:07:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.09.13 17:07:27 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.09.13 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.09.13 16:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.09.13 16:56:34 | 000,101,376 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2012.09.12 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.09.12 18:34:40 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Nero
[2012.09.12 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.09.12 18:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.09.12 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.09.12 18:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.12 18:29:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.09.12 18:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.09.12 16:29:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 16:29:25 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 16:29:25 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 16:29:25 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.09 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
[2012.09.09 15:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.09.09 15:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\Documents\Amazon MP3
[2012.09.09 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.09.09 13:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.09.05 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.09.05 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 17:09:15 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.05 17:09:08 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.10.05 17:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 17:08:59 | 4211,617,790 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.05 17:04:57 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 17:04:57 | 000,021,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 17:03:44 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.05 17:03:44 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.05 17:03:44 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.05 17:03:44 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.05 17:03:44 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.05 17:01:55 | 000,816,494 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.05 17:01:55 | 000,044,677 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.04 16:23:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.10.03 17:51:44 | 011,870,260 | ---- | M] () -- C:\Windows\DISHONOR.sCr
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.03 16:49:26 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.03 16:49:18 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.02 21:51:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.02 21:39:32 | 000,000,512 | ---- | M] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 21:54:30 | 000,007,597 | ---- | M] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 20:33:22 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.27 20:33:22 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.27 19:58:41 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:52:46 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.09.27 14:52:44 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.27 14:43:24 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.27 14:43:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.27 14:43:22 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.27 14:43:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.27 14:38:46 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.27 14:38:39 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:59:51 | 000,001,090 | ---- | M] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.26 17:30:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.22 16:44:58 | 000,000,221 | ---- | M] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:43 | 003,043,019 | ---- | M] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:56 | 000,729,428 | ---- | M] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | M] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 11:37:00 | 000,277,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.10.03 17:51:32 | 011,870,260 | ---- | C] () -- C:\Windows\DISHONOR.sCr
[2012.10.02 21:47:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.02 21:47:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.02 21:47:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.02 21:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.02 21:47:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.02 21:39:32 | 000,000,512 | ---- | C] () -- C:\Users\DANBOSS\MBR.dat
[2012.09.29 23:14:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 09:00:20 | 000,816,494 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.28 09:00:20 | 000,044,677 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.27 21:54:30 | 000,007,597 | ---- | C] () -- C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
[2012.09.27 19:58:41 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.09.27 14:38:39 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk
[2012.09.26 22:55:56 | 000,001,090 | ---- | C] () -- C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
[2012.09.22 16:44:58 | 000,000,221 | ---- | C] () -- C:\Users\DANBOSS\Desktop\Borderlands 2.url
[2012.09.13 17:21:40 | 003,043,019 | ---- | C] () -- C:\Users\DANBOSS\Bewerbungen.pdf
[2012.09.13 17:18:18 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.13 17:18:18 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.09.13 17:11:55 | 000,729,428 | ---- | C] () -- C:\Users\DANBOSS\Bewerbung.pdf
[2012.09.13 16:56:35 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.12 18:33:42 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.09.12 18:29:03 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012.09.09 15:09:38 | 000,000,935 | ---- | C] () -- C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.09 21:01:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.09 21:01:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.09 21:01:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.08 19:32:46 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.08.08 19:32:46 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.08.08 19:05:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.08.08 19:05:16 | 000,097,700 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.08.08 19:05:12 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.08.08 19:05:12 | 000,000,933 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.08.06 14:10:53 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.06 14:10:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.06 14:10:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.06 14:10:50 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.06 13:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.09 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Amazon
[2012.08.08 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ASUS
[2012.08.25 14:33:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\DAEMON Tools Lite
[2012.08.25 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Fanda Games
[2012.10.03 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\iScreensaver
[2012.10.03 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\ManyCam
[2012.09.15 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
[2012.08.19 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Need for Speed World
[2012.08.09 07:39:13 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Origin
[2012.09.25 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\SoftGrid Client
[2012.10.03 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\Spotify
[2012.08.08 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TP
[2012.09.09 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\DANBOSS\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

Edited by DANBOSS (05.10.2012 at 16:18)

05.10.2012, 17:13   #14
schrauber
/// the machine
/// TB trainer
 




Something keeps interfering here.


Please download Farbar Recovery Scan Tool 64-bit and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    The drive letter of your USB stick is shown here.
  • Close Notepad again
  • Now enter the following command.
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.10.2012, 10:18   #15
DANBOSS
 



OK,
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 06-10-2012 11:13:34
Running from G:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: German Standard 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-11] ()
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2345848 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH)
HKLM-x32\...\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [995352 2012-09-17] (G Data Software AG)
HKU\DANBOSS\...\Run: [Spotify Web Helper] "C:\Users\DANBOSS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-18] ()
HKU\DANBOSS\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-08] (Valve Corporation)
HKU\DANBOSS\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\DANBOSS\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\DANBOSS\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\DANBOSS\...\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent [2164632 2012-09-14] (ManyCam LLC)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 AVKProxy; "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" [1542680 2012-08-23] (G Data Software AG)
2 AVKService; "C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe" [468472 2012-01-27] (G Data Software AG)
2 AVKWCtl; "C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe" [2011568 2012-08-30] (G Data Software AG)
3 GDScan; "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" [470008 2012-03-29] (G Data Software AG)
2 Intel(R) Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [628448 2012-02-02] (Intel(R) Corporation)
2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-26] ()

==================== Drivers (Whitelisted) =====================

0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-25] (DT Soft Ltd)
0 GDBehave; C:\Windows\System32\Drivers\GDBehave.sys [54176 2012-09-27] (G Data Software AG)
1 GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [126880 2012-09-27] (G Data Software AG)
3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [60320 2012-09-27] (G Data Software AG)
1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64416 2012-09-27] (G Data Software AG)
1 GRD; C:\Windows\System32\Drivers\GRD.sys [106648 2012-09-27] (G Data Software)
1 HookCentre; C:\Windows\System32\Drivers\HookCentre.sys [64376 2012-09-27] (G Data Software AG)
3 ikbevent; C:\Windows\System32\Drivers\ikbevent.sys [25536 2012-02-09] ()
3 imsevent; C:\Windows\System32\Drivers\imsevent.sys [25536 2012-02-09] ()
3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-26] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-26] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-26] (Intel Corporation)
3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
3 WPRO_41_2001; C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752 2012-10-06] ()
3 ALSysIO; \??\C:\Users\DANBOSS\AppData\Local\Temp\ALSysIO64.sys [x]
3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-06 11:13 - 2012-10-06 11:13 - 00000000 ____D C:\FRST
2012-10-06 09:59 - 2012-10-06 09:59 - 01456405 ____A (Farbar) C:\Users\DANBOSS\Downloads\FRST64.exe
2012-10-06 09:53 - 2012-10-06 09:53 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\U3
2012-10-06 09:38 - 2012-10-06 10:08 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2012-10-04 16:04 - 2012-10-04 16:04 - 00095678 ____A C:\Users\DANBOSS\OTL(letzter Scan).Txt
2012-10-04 16:03 - 2012-10-04 16:03 - 00095678 ____A C:\Users\DANBOSS\Downloads\OTL(letzter Scan).Txt
2012-10-04 15:57 - 2012-10-04 15:57 - 00006984 ____A C:\Users\DANBOSS\AdwCleaner[S1].txt
2012-10-04 15:55 - 2012-10-04 15:55 - 00006984 ____A C:\AdwCleaner[S1].txt
2012-10-04 15:53 - 2012-10-04 15:53 - 00513501 ____A C:\Users\DANBOSS\Downloads\adwcleaner.exe
2012-10-04 15:53 - 2012-10-04 15:53 - 00006231 ____A C:\Users\DANBOSS\AdwCleaner[R1].txt
2012-10-04 15:53 - 2012-10-04 15:53 - 00006231 ____A C:\AdwCleaner[R1].txt
2012-10-04 15:52 - 2012-10-04 15:52 - 00003234 ____A C:\Users\DANBOSS\Otl.txt
2012-10-04 15:48 - 2012-10-04 15:48 - 00000000 ____D C:\_OTL
2012-10-03 16:51 - 2012-10-03 16:51 - 18175559 ____A C:\Users\DANBOSS\Downloads\dishonored_screensaver_pc.zip
2012-10-03 16:51 - 2012-10-03 16:51 - 11870260 ____A C:\Windows\DISHONOR.sCr
2012-10-03 16:51 - 2012-10-03 16:51 - 00000000 ____D C:\Windows\DISHONOR Libs
2012-10-03 16:51 - 2012-10-03 16:51 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\iScreensaver
2012-10-03 11:24 - 2012-10-03 11:24 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\ManyCam
2012-10-03 11:24 - 2012-10-03 11:24 - 00000000 ____D C:\Users\DANBOSS\AppData\Local\ManyCam
2012-10-03 11:24 - 2012-10-03 11:24 - 00000000 ____D C:\Users\All Users\ManyCam
2012-10-03 11:23 - 2012-10-03 11:24 - 00000000 ____D C:\Program Files (x86)\ManyCam
2012-10-03 11:22 - 2012-10-03 11:22 - 11970272 ____A (ManyCam LLC) C:\Users\DANBOSS\Downloads\ManyCamSetup.exe
2012-10-03 09:26 - 2012-10-03 09:26 - 02322184 ____A (ESET) C:\Users\DANBOSS\Downloads\esetsmartinstaller_enu(1).exe
2012-10-03 09:26 - 2012-10-03 09:26 - 00000000 ____D C:\Program Files (x86)\ESET
2012-10-03 09:25 - 2012-10-03 09:25 - 02322184 ____A (ESET) C:\Users\DANBOSS\Downloads\esetsmartinstaller_enu.exe
2012-10-02 20:53 - 2012-10-02 20:53 - 00031740 ____A C:\Users\DANBOSS\ComboFix.txt
2012-10-02 20:47 - 2012-10-02 20:53 - 00000000 ____D C:\Qoobox
2012-10-02 20:47 - 2012-10-02 20:52 - 00000000 ____D C:\Windows\erdnt
2012-10-02 20:47 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-02 20:47 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-02 20:47 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-02 20:47 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-02 20:47 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-02 20:47 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-02 20:47 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-02 20:47 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-02 20:45 - 2012-10-02 20:46 - 04759935 ____R (Swearware) C:\Users\DANBOSS\Downloads\ComboFix.exe
2012-10-02 20:39 - 2012-10-02 20:39 - 00001845 ____A C:\Users\DANBOSS\aswMBR.txt
2012-10-02 20:39 - 2012-10-02 20:39 - 00000512 ____A C:\Users\DANBOSS\MBR.dat
2012-10-02 20:23 - 2012-10-02 20:23 - 04731392 ____A (AVAST Software) C:\Users\DANBOSS\Downloads\aswMBR.exe
2012-09-29 23:08 - 2012-10-05 16:16 - 00127054 ____A C:\Users\DANBOSS\Downloads\OTL.Txt
2012-09-29 23:08 - 2012-09-29 23:08 - 00064048 ____A C:\Users\DANBOSS\Downloads\Extras.Txt
2012-09-29 22:55 - 2012-09-29 22:55 - 00602112 ____A (OldTimer Tools) C:\Users\DANBOSS\Downloads\OTL.exe
2012-09-29 22:34 - 2012-09-29 22:34 - 00002200 ____A C:\Users\DANBOSS\adware.txt
2012-09-29 22:14 - 2012-09-29 22:14 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-29 22:12 - 2012-09-29 22:13 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\DANBOSS\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-29 18:30 - 2012-09-29 18:30 - 31532704 ____A C:\Users\DANBOSS\Downloads\pms-setup-windows-1.70.1(1).exe
2012-09-29 17:54 - 2012-09-17 21:54 - 00000000 ____D C:\Users\DANBOSS\Downloads\Red.Lights.German.AC3.Dubbed.720p.BluRay.x264-Pleaders
2012-09-29 17:23 - 2012-09-29 17:54 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part3.rar
2012-09-29 17:23 - 2012-09-29 17:45 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part1.rar
2012-09-29 17:23 - 2012-09-29 17:38 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part4.rar
2012-09-29 17:23 - 2012-09-29 17:38 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part2.rar
2012-09-29 17:23 - 2012-09-29 17:32 - 278433606 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part5.rar
2012-09-29 17:10 - 2012-09-29 17:10 - 00000000 ____D C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM
2012-09-29 17:09 - 2012-09-29 17:09 - 00000000 ____D C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS
2012-09-29 16:48 - 2012-09-18 23:47 - 00000000 ____D C:\Users\DANBOSS\Downloads\Weed.Bandits.2003.German.DL.Doku.1080p.BluRay.x264-ETM
2012-09-29 16:47 - 2012-09-12 15:45 - 00000000 ____D C:\Users\DANBOSS\Downloads\Dark.Shadows.German.DL.720p.BluRay.x264-SONS
2012-09-29 16:08 - 2012-09-29 16:47 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part2.rar
2012-09-29 16:08 - 2012-09-29 16:43 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part1.rar
2012-09-29 16:08 - 2012-09-29 16:42 - 1033905177 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part3.rar
2012-09-29 16:03 - 2012-09-29 17:55 - 146770780 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part4.rar.part
2012-09-29 16:03 - 2012-09-29 16:48 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part4.rar
2012-09-29 16:03 - 2012-09-29 16:46 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part3.rar
2012-09-29 16:03 - 2012-09-29 16:46 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part2.rar
2012-09-29 16:02 - 2012-09-29 16:46 - 908134958 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part5.rar
2012-09-29 16:02 - 2012-09-29 16:42 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part1.rar
2012-09-29 16:02 - 2012-09-29 16:02 - 00000000 ____D C:\Users\DANBOSS\Downloads\Z-Ro-Angel_Dust-2012-CR
2012-09-29 15:59 - 2012-09-29 15:59 - 00000000 ____D C:\Users\DANBOSS\Downloads\CTSIGRP-(RapGodFathers.info)
2012-09-29 12:38 - 2012-09-29 13:34 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part3.rar
2012-09-29 11:57 - 2012-09-29 11:57 - 27052794 ____A C:\Users\DANBOSS\Downloads\Fettes Brot - Amsterdam (CDM 2010).7z
2012-09-29 11:46 - 2010-11-05 16:47 - 00000000 ____D C:\Users\DANBOSS\Downloads\Fettes Brot - Amsterdam (CDM 2010)
2012-09-29 11:38 - 2012-09-29 12:34 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part2.rar
2012-09-29 11:37 - 2012-09-29 11:46 - 28331540 ____A C:\Users\DANBOSS\Downloads\Fettes Brot - Amsterdam (CDM 2010).rar
2012-09-29 11:35 - 2012-09-29 11:37 - 00000000 ____D C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012
2012-09-29 11:32 - 2012-09-29 11:35 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part7.rar
2012-09-29 11:32 - 2012-09-29 11:35 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part6.rar
2012-09-29 11:32 - 2012-09-29 11:35 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part5.rar
2012-09-29 11:32 - 2012-09-29 11:35 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part4.rar
2012-09-29 11:32 - 2012-09-29 11:35 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part3.rar
2012-09-29 11:32 - 2012-09-29 11:34 - 23705490 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part8.rar
2012-09-29 11:31 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part2.rar
2012-09-29 11:31 - 2012-09-29 11:31 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part1.rar
2012-09-29 11:15 - 2012-09-29 11:33 - 110270897 ____A C:\Users\DANBOSS\Downloads\CTSIGRP-(RapGodFathers.info).zip
2012-09-29 11:10 - 2012-09-29 11:10 - 00000000 ____D C:\Users\DANBOSS\Downloads\Xavasn)
2012-09-29 11:09 - 2012-09-27 23:11 - 00000000 ____D C:\Users\DANBOSS\Downloads\Xavas - Gespaltene Persönlichkeit (Deluxe Edition)
2012-09-29 10:41 - 2012-09-29 10:44 - 105255768 ____A C:\Users\DANBOSS\Downloads\Z-Ro-Angel_Dust-2012-CR.rar
2012-09-29 10:32 - 2012-09-29 11:03 - 00000033 ____A C:\Users\DANBOSS\Desktop\uploadet.to.txt
2012-09-29 09:41 - 2012-09-29 11:09 - 336613727 ____A C:\Users\DANBOSS\Downloads\Xavasn).rar
2012-09-28 08:00 - 2012-10-06 09:43 - 00817158 ____A C:\Windows\SysWOW64\sig.bin
2012-09-28 08:00 - 2012-10-06 09:43 - 00044691 ____A C:\Windows\SysWOW64\nmp.map
2012-09-27 20:54 - 2012-09-27 20:54 - 00007597 ____A C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
2012-09-27 18:58 - 2012-09-27 18:58 - 00000221 ____A C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
2012-09-27 14:28 - 2012-09-27 14:28 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2012-09-27 14:27 - 2012-09-27 14:27 - 02821752 ____A (J3S GmbH) C:\Users\DANBOSS\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2012-09-27 13:52 - 2012-09-27 13:52 - 00106648 ____A (G Data Software) C:\Windows\System32\Drivers\GRD.sys
2012-09-27 13:52 - 2012-09-27 13:52 - 00016504 ____A (G Data Software) C:\Windows\System32\Drivers\GdPhyMem.sys
2012-09-27 13:43 - 2012-05-29 08:24 - 00010792 ____A (G Data Software AG) C:\Windows\SysWOW64\GdScrSv.de.dll
2012-09-27 13:39 - 2012-09-27 13:43 - 00060320 ____A (G Data Software AG) C:\Windows\System32\Drivers\PktIcpt.sys
2012-09-27 13:38 - 2012-09-27 13:48 - 00000000 ____D C:\Users\All Users\G DATA
2012-09-27 13:38 - 2012-09-27 13:43 - 00126880 ____A (G Data Software AG) C:\Windows\System32\Drivers\MiniIcpt.sys
2012-09-27 13:38 - 2012-09-27 13:43 - 00064416 ____A (G Data Software AG) C:\Windows\System32\Drivers\gdwfpcd64.sys
2012-09-27 13:38 - 2012-09-27 13:43 - 00054176 ____A (G Data Software AG) C:\Windows\System32\Drivers\GDBehave.sys
2012-09-27 13:38 - 2012-09-27 13:38 - 00064376 ____A (G Data Software AG) C:\Windows\System32\Drivers\HookCentre.sys
2012-09-27 13:38 - 2012-09-27 13:38 - 00002085 ____A C:\Users\Public\Desktop\G Data AntiVirus.lnk
2012-09-27 13:38 - 2012-09-27 13:38 - 00000000 ____D C:\Program Files (x86)\G Data
2012-09-27 13:37 - 2012-09-27 13:37 - 00000000 ____D C:\Users\DANBOSS\AppData\Local\Downloaded Installations
2012-09-27 13:35 - 2012-09-27 13:37 - 00000000 ____D C:\Users\DANBOSS\Desktop\G Data AntiVirus 2013
2012-09-27 13:35 - 2012-09-27 13:35 - 01151104 ____A (Amazon Services LLC) C:\Users\DANBOSS\Downloads\G_Data_AntiVirus_2013_Downloader.exe
2012-09-26 22:17 - 2012-08-30 20:14 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 18229096 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-09-26 22:17 - 2012-08-30 20:14 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 00355176 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 00308072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-09-26 22:17 - 2012-08-30 20:14 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-09-26 22:17 - 2012-07-03 16:25 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-09-26 22:17 - 2012-07-03 16:25 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-09-26 22:14 - 2012-09-26 22:16 - 227564624 ____A (NVIDIA Corporation) C:\Users\DANBOSS\Downloads\306.23-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-09-26 21:59 - 2012-09-26 21:59 - 00000000 ____D C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup224
2012-09-26 21:56 - 2012-09-26 21:59 - 21210640 ____A C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup224.zip
2012-09-26 21:55 - 2012-09-26 21:59 - 00001090 ____A C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
2012-09-26 21:55 - 2012-09-26 21:56 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2012-09-26 21:47 - 2012-09-26 21:55 - 00000000 ____D C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup223
2012-09-26 21:43 - 2012-09-26 21:45 - 24010178 ____A C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup223.zip
2012-09-26 07:35 - 2012-08-21 22:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-23 18:15 - 2012-09-23 18:15 - 00000000 ____D C:\Users\DANBOSS\AppData\Local\Microsoft Help
2012-09-23 18:15 - 2012-09-23 18:15 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-09-22 18:08 - 2012-08-24 12:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 18:08 - 2012-08-24 11:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 18:08 - 2012-08-24 11:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 18:08 - 2012-08-24 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 18:08 - 2012-08-24 11:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 18:08 - 2012-08-24 11:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 18:08 - 2012-08-24 11:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 18:08 - 2012-08-24 11:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 18:08 - 2012-08-24 11:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 18:08 - 2012-08-24 11:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 18:08 - 2012-08-24 11:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 18:08 - 2012-08-24 11:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 18:08 - 2012-08-24 11:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 18:08 - 2012-08-24 11:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 18:08 - 2012-08-24 11:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 18:08 - 2012-08-24 11:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 18:08 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 18:08 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 18:08 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 18:08 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 18:08 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 18:08 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 18:08 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 18:08 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 18:08 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 18:08 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 18:08 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 18:08 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 18:08 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 18:08 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 18:08 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 18:08 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 15:44 - 2012-09-22 15:44 - 00000221 ____A C:\Users\DANBOSS\Desktop\Borderlands 2.url
2012-09-18 16:36 - 2012-09-18 16:36 - 00000000 ____D C:\Users\DANBOSS\zdenki
2012-09-16 14:20 - 2012-09-16 14:20 - 00000000 ____D C:\Users\All Users\Codemasters
2012-09-14 23:34 - 2012-09-14 23:34 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\MotioninJoy
2012-09-14 23:34 - 2012-09-14 23:34 - 00000000 ____D C:\Program Files\MotioninJoy
2012-09-14 23:34 - 2010-05-03 15:12 - 00328712 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-09-14 23:33 - 2012-09-14 23:33 - 00000000 ____D C:\Users\DANBOSS\Downloads\MotioninJoy_060003_amd64_signed
2012-09-14 23:32 - 2012-09-14 23:32 - 02306709 ____A C:\Users\DANBOSS\Downloads\MotioninJoy_060003_amd64_signed.zip
2012-09-14 23:32 - 2012-09-14 23:32 - 00000000 ____D C:\Users\DANBOSS\Downloads\BlackMesa
2012-09-14 20:51 - 2012-09-14 20:51 - 00000000 __SHD C:\Users\All Users\DSS
2012-09-14 20:51 - 2012-09-14 20:51 - 00000000 ____D C:\Users\DANBOSS\Documents\FIFA 13
2012-09-14 20:50 - 2012-09-14 20:51 - 00000000 ____D C:\Users\DANBOSS\Documents\FIFA 13 Demo
2012-09-13 16:18 - 2012-09-13 16:18 - 00001872 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2012-09-13 16:18 - 2012-09-13 16:18 - 00001857 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk
2012-09-13 16:18 - 2012-09-13 16:18 - 00000000 ____D C:\Users\DANBOSS\AppData\Local\PDF24
2012-09-13 16:18 - 2012-09-13 16:18 - 00000000 ____D C:\Program Files (x86)\PDF24
2012-09-13 16:17 - 2012-09-13 16:17 - 10500024 ____A (Geek Software GmbH                                          ) C:\Users\DANBOSS\Downloads\pdf24-creator49.exe
2012-09-13 16:07 - 2012-09-13 16:15 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2012-09-13 16:07 - 2012-05-05 10:54 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2012-09-13 16:07 - 1998-07-06 17:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2012-09-13 15:58 - 2012-09-13 15:58 - 00000000 ____A C:\Users\DANBOSS\Sti_Trace.log
2012-09-13 15:56 - 2012-09-13 15:56 - 12070912 ____A C:\Users\DANBOSS\Downloads\epson318018eu.exe
2012-09-13 15:56 - 2012-09-13 15:56 - 00000934 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-09-13 15:56 - 2012-09-13 15:56 - 00000000 ____D C:\Program Files (x86)\epson
2012-09-13 15:56 - 2007-03-26 23:00 - 00101376 ____A (SEIKO EPSON CORP.) C:\Windows\System32\esxcwiad.dll
2012-09-12 17:34 - 2012-09-12 17:34 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\Nero
2012-09-12 17:34 - 2012-09-12 17:34 - 00000000 ____D C:\Users\All Users\LightScribe
2012-09-12 17:33 - 2012-09-12 17:34 - 00000000 ____D C:\Users\All Users\Nero
2012-09-12 17:33 - 2012-09-12 17:34 - 00000000 ____D C:\Program Files (x86)\Nero
2012-09-12 17:33 - 2012-09-12 17:33 - 00002843 ____A C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
2012-09-12 17:29 - 2012-09-12 17:29 - 00002037 ____A C:\Users\Public\Desktop\LightScribe.lnk
2012-09-12 17:26 - 2012-09-12 17:26 - 128090448 ____A (Nero AG) C:\Users\DANBOSS\Downloads\Nero_BurningROM-11.2.00400_trial.exe
2012-09-12 15:29 - 2012-08-22 19:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 15:29 - 2012-08-22 19:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 15:29 - 2012-08-22 19:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 15:29 - 2012-08-22 19:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 15:29 - 2012-08-02 18:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 15:29 - 2012-08-02 17:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 15:29 - 2012-07-04 21:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-09 14:09 - 2012-09-09 17:13 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\TS3Client
2012-09-09 14:09 - 2012-09-09 14:09 - 00000935 ____A C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
2012-09-09 14:08 - 2012-09-09 14:09 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-09-09 14:08 - 2012-09-09 14:08 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\DANBOSS\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-09 12:27 - 2012-09-09 12:27 - 02364816 ____A C:\Users\DANBOSS\Downloads\AmazonMP3DownloaderInstall.exe
2012-09-09 12:27 - 2012-09-09 12:27 - 00000000 ____D C:\Users\DANBOSS\Documents\Amazon MP3
2012-09-09 12:27 - 2012-09-09 12:27 - 00000000 ____D C:\Users\DANBOSS\AppData\Roaming\Amazon
2012-09-09 12:27 - 2012-09-09 12:27 - 00000000 ____D C:\Program Files (x86)\Amazon

==================== 3 Months Modified Files ==================

2012-10-06 10:08 - 2012-10-06 09:38 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2012-10-06 10:08 - 2012-08-06 13:44 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2012-10-06 10:08 - 2010-11-21 04:47 - 00408354 ____A C:\Windows\PFRO.log
2012-10-06 10:08 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-06 10:08 - 2009-07-14 05:51 - 00048972 ____A C:\Windows\setupact.log
2012-10-06 10:05 - 2012-08-06 15:02 - 01757214 ____A C:\Windows\WindowsUpdate.log
2012-10-06 10:02 - 2009-07-14 05:45 - 00021392 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-06 10:02 - 2009-07-14 05:45 - 00021392 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-06 09:59 - 2012-10-06 09:59 - 01456405 ____A (Farbar) C:\Users\DANBOSS\Downloads\FRST64.exe
2012-10-06 09:59 - 2011-04-12 08:43 - 00654372 ____A C:\Windows\System32\perfh007.dat
2012-10-06 09:59 - 2011-04-12 08:43 - 00129986 ____A C:\Windows\System32\perfc007.dat
2012-10-06 09:59 - 2009-07-14 06:13 - 01500018 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-06 09:43 - 2012-09-28 08:00 - 00817158 ____A C:\Windows\SysWOW64\sig.bin
2012-10-06 09:43 - 2012-09-28 08:00 - 00044691 ____A C:\Windows\SysWOW64\nmp.map
2012-10-06 09:38 - 2012-08-06 13:17 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2012-10-05 16:16 - 2012-09-29 23:08 - 00127054 ____A C:\Users\DANBOSS\Downloads\OTL.Txt
2012-10-04 16:04 - 2012-10-04 16:04 - 00095678 ____A C:\Users\DANBOSS\OTL(letzter Scan).Txt
2012-10-04 16:03 - 2012-10-04 16:03 - 00095678 ____A C:\Users\DANBOSS\Downloads\OTL(letzter Scan).Txt
2012-10-04 15:57 - 2012-10-04 15:57 - 00006984 ____A C:\Users\DANBOSS\AdwCleaner[S1].txt
2012-10-04 15:55 - 2012-10-04 15:55 - 00006984 ____A C:\AdwCleaner[S1].txt
2012-10-04 15:53 - 2012-10-04 15:53 - 00513501 ____A C:\Users\DANBOSS\Downloads\adwcleaner.exe
2012-10-04 15:53 - 2012-10-04 15:53 - 00006231 ____A C:\Users\DANBOSS\AdwCleaner[R1].txt
2012-10-04 15:53 - 2012-10-04 15:53 - 00006231 ____A C:\AdwCleaner[R1].txt
2012-10-04 15:52 - 2012-10-04 15:52 - 00003234 ____A C:\Users\DANBOSS\Otl.txt
2012-10-04 15:23 - 2012-08-06 13:17 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2012-10-03 16:51 - 2012-10-03 16:51 - 18175559 ____A C:\Users\DANBOSS\Downloads\dishonored_screensaver_pc.zip
2012-10-03 16:51 - 2012-10-03 16:51 - 11870260 ____A C:\Windows\DISHONOR.sCr
2012-10-03 15:49 - 2012-08-09 20:01 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-10-03 15:49 - 2012-08-09 19:50 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-10-03 15:49 - 2012-08-09 19:25 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-10-03 11:22 - 2012-10-03 11:22 - 11970272 ____A (ManyCam LLC) C:\Users\DANBOSS\Downloads\ManyCamSetup.exe
2012-10-03 09:26 - 2012-10-03 09:26 - 02322184 ____A (ESET) C:\Users\DANBOSS\Downloads\esetsmartinstaller_enu(1).exe
2012-10-03 09:25 - 2012-10-03 09:25 - 02322184 ____A (ESET) C:\Users\DANBOSS\Downloads\esetsmartinstaller_enu.exe
2012-10-02 20:53 - 2012-10-02 20:53 - 00031740 ____A C:\Users\DANBOSS\ComboFix.txt
2012-10-02 20:51 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-10-02 20:46 - 2012-10-02 20:45 - 04759935 ____R (Swearware) C:\Users\DANBOSS\Downloads\ComboFix.exe
2012-10-02 20:39 - 2012-10-02 20:39 - 00001845 ____A C:\Users\DANBOSS\aswMBR.txt
2012-10-02 20:39 - 2012-10-02 20:39 - 00000512 ____A C:\Users\DANBOSS\MBR.dat
2012-10-02 20:23 - 2012-10-02 20:23 - 04731392 ____A (AVAST Software) C:\Users\DANBOSS\Downloads\aswMBR.exe
2012-09-29 23:08 - 2012-09-29 23:08 - 00064048 ____A C:\Users\DANBOSS\Downloads\Extras.Txt
2012-09-29 22:55 - 2012-09-29 22:55 - 00602112 ____A (OldTimer Tools) C:\Users\DANBOSS\Downloads\OTL.exe
2012-09-29 22:34 - 2012-09-29 22:34 - 00002200 ____A C:\Users\DANBOSS\adware.txt
2012-09-29 22:14 - 2012-09-29 22:14 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-29 22:13 - 2012-09-29 22:12 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\DANBOSS\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-29 18:30 - 2012-09-29 18:30 - 31532704 ____A C:\Users\DANBOSS\Downloads\pms-setup-windows-1.70.1(1).exe
2012-09-29 17:55 - 2012-09-29 16:03 - 146770780 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part4.rar.part
2012-09-29 17:54 - 2012-09-29 17:23 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part3.rar
2012-09-29 17:45 - 2012-09-29 17:23 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part1.rar
2012-09-29 17:38 - 2012-09-29 17:23 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part4.rar
2012-09-29 17:38 - 2012-09-29 17:23 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part2.rar
2012-09-29 17:32 - 2012-09-29 17:23 - 278433606 ____A C:\Users\DANBOSS\Downloads\Red.Lights-720-Cine-Pleaders.part5.rar
2012-09-29 16:48 - 2012-09-29 16:03 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part4.rar
2012-09-29 16:47 - 2012-09-29 16:08 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part2.rar
2012-09-29 16:46 - 2012-09-29 16:03 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part3.rar
2012-09-29 16:46 - 2012-09-29 16:03 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part2.rar
2012-09-29 16:46 - 2012-09-29 16:02 - 908134958 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part5.rar
2012-09-29 16:43 - 2012-09-29 16:08 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part1.rar
2012-09-29 16:42 - 2012-09-29 16:08 - 1033905177 ____A C:\Users\DANBOSS\Downloads\Dark.Shadows-720-SONS.part3.rar
2012-09-29 16:42 - 2012-09-29 16:02 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Weed.Bandits.2003-1080-ETM.part1.rar
2012-09-29 13:34 - 2012-09-29 12:38 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part3.rar
2012-09-29 12:34 - 2012-09-29 11:38 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part2.rar
2012-09-29 11:57 - 2012-09-29 11:57 - 27052794 ____A C:\Users\DANBOSS\Downloads\Fettes Brot - Amsterdam (CDM 2010).7z
2012-09-29 11:46 - 2012-09-29 11:37 - 28331540 ____A C:\Users\DANBOSS\Downloads\Fettes Brot - Amsterdam (CDM 2010).rar
2012-09-29 11:35 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part7.rar
2012-09-29 11:35 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part6.rar
2012-09-29 11:35 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part5.rar
2012-09-29 11:35 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part4.rar
2012-09-29 11:35 - 2012-09-29 11:32 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part3.rar
2012-09-29 11:34 - 2012-09-29 11:32 - 23705490 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part8.rar
2012-09-29 11:33 - 2012-09-29 11:15 - 110270897 ____A C:\Users\DANBOSS\Downloads\CTSIGRP-(RapGodFathers.info).zip
2012-09-29 11:32 - 2012-09-29 11:31 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part2.rar
2012-09-29 11:31 - 2012-09-29 11:31 - 110000000 ____A C:\Users\DANBOSS\Downloads\Billboard Hot 100 09-29-2012.part1.rar
2012-09-29 11:09 - 2012-09-29 09:41 - 336613727 ____A C:\Users\DANBOSS\Downloads\Xavasn).rar
2012-09-29 11:03 - 2012-09-29 10:32 - 00000033 ____A C:\Users\DANBOSS\Desktop\uploadet.to.txt
2012-09-29 10:44 - 2012-09-29 10:41 - 105255768 ____A C:\Users\DANBOSS\Downloads\Z-Ro-Angel_Dust-2012-CR.rar
2012-09-27 21:00 - 2012-08-06 12:46 - 00244669 ____A C:\Windows\DirectX.log
2012-09-27 20:54 - 2012-09-27 20:54 - 00007597 ____A C:\Users\DANBOSS\AppData\Local\Resmon.ResmonCfg
2012-09-27 19:33 - 2012-08-08 17:43 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-27 19:33 - 2012-08-08 17:43 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-27 18:58 - 2012-09-27 18:58 - 00000221 ____A C:\Users\DANBOSS\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
2012-09-27 18:36 - 2009-07-14 06:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-27 14:27 - 2012-09-27 14:27 - 02821752 ____A (J3S GmbH) C:\Users\DANBOSS\Downloads\COMPUTERBILD-Abzockschutz-Installer.exe
2012-09-27 13:52 - 2012-09-27 13:52 - 00106648 ____A (G Data Software) C:\Windows\System32\Drivers\GRD.sys
2012-09-27 13:52 - 2012-09-27 13:52 - 00016504 ____A (G Data Software) C:\Windows\System32\Drivers\GdPhyMem.sys
2012-09-27 13:43 - 2012-09-27 13:39 - 00060320 ____A (G Data Software AG) C:\Windows\System32\Drivers\PktIcpt.sys
2012-09-27 13:43 - 2012-09-27 13:38 - 00126880 ____A (G Data Software AG) C:\Windows\System32\Drivers\MiniIcpt.sys
2012-09-27 13:43 - 2012-09-27 13:38 - 00064416 ____A (G Data Software AG) C:\Windows\System32\Drivers\gdwfpcd64.sys
2012-09-27 13:43 - 2012-09-27 13:38 - 00054176 ____A (G Data Software AG) C:\Windows\System32\Drivers\GDBehave.sys
2012-09-27 13:38 - 2012-09-27 13:38 - 00064376 ____A (G Data Software AG) C:\Windows\System32\Drivers\HookCentre.sys
2012-09-27 13:38 - 2012-09-27 13:38 - 00002085 ____A C:\Users\Public\Desktop\G Data AntiVirus.lnk
2012-09-27 13:35 - 2012-09-27 13:35 - 01151104 ____A (Amazon Services LLC) C:\Users\DANBOSS\Downloads\G_Data_AntiVirus_2013_Downloader.exe
2012-09-26 22:16 - 2012-09-26 22:14 - 227564624 ____A (NVIDIA Corporation) C:\Users\DANBOSS\Downloads\306.23-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-09-26 21:59 - 2012-09-26 21:56 - 21210640 ____A C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup224.zip
2012-09-26 21:59 - 2012-09-26 21:55 - 00001090 ____A C:\Users\DANBOSS\Desktop\MSI Afterburner.lnk
2012-09-26 21:45 - 2012-09-26 21:43 - 24010178 ____A C:\Users\DANBOSS\Downloads\MSIAfterburnerSetup223.zip
2012-09-26 16:30 - 2012-08-09 20:01 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-22 15:44 - 2012-09-22 15:44 - 00000221 ____A C:\Users\DANBOSS\Desktop\Borderlands 2.url
2012-09-14 23:32 - 2012-09-14 23:32 - 02306709 ____A C:\Users\DANBOSS\Downloads\MotioninJoy_060003_amd64_signed.zip
2012-09-13 16:18 - 2012-09-13 16:18 - 00001872 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2012-09-13 16:18 - 2012-09-13 16:18 - 00001857 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk
2012-09-13 16:17 - 2012-09-13 16:17 - 10500024 ____A (Geek Software GmbH                                          ) C:\Users\DANBOSS\Downloads\pdf24-creator49.exe
2012-09-13 15:58 - 2012-09-13 15:58 - 00000000 ____A C:\Users\DANBOSS\Sti_Trace.log
2012-09-13 15:56 - 2012-09-13 15:56 - 12070912 ____A C:\Users\DANBOSS\Downloads\epson318018eu.exe
2012-09-13 15:56 - 2012-09-13 15:56 - 00000934 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-09-12 17:57 - 2012-08-17 18:32 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-12 17:33 - 2012-09-12 17:33 - 00002843 ____A C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
2012-09-12 17:29 - 2012-09-12 17:29 - 00002037 ____A C:\Users\Public\Desktop\LightScribe.lnk
2012-09-12 17:26 - 2012-09-12 17:26 - 128090448 ____A (Nero AG) C:\Users\DANBOSS\Downloads\Nero_BurningROM-11.2.00400_trial.exe
2012-09-09 14:09 - 2012-09-09 14:09 - 00000935 ____A C:\Users\DANBOSS\Desktop\TeamSpeak 3 Client.lnk
2012-09-09 14:08 - 2012-09-09 14:08 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\DANBOSS\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-09 12:27 - 2012-09-09 12:27 - 02364816 ____A C:\Users\DANBOSS\Downloads\AmazonMP3DownloaderInstall.exe
2012-09-07 16:04 - 2012-09-02 09:09 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 10:37 - 2012-08-08 17:26 - 00058416 ____A C:\Users\DANBOSS\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-06 10:37 - 2009-07-14 05:45 - 00277128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-04 18:14 - 2012-09-04 18:14 - 03878360 ____A C:\Users\DANBOSS\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe
2012-09-02 09:08 - 2012-09-02 09:08 - 10063000 ____A (Malwarebytes Corporation                                    ) C:\Users\DANBOSS\Downloads\mbam-setup-1.61.0.1400.exe
2012-09-02 08:52 - 2012-09-02 08:52 - 00364431 ____A C:\Users\DANBOSS\Downloads\CoreTemp64.zip
2012-09-01 15:36 - 2012-09-01 15:35 - 176124941 ____A C:\Users\DANBOSS\Downloads\Rick Ross - God Forgives, I Don't (Deluxe Edition) (RapGodFathers.info)(1).zip
2012-09-01 15:22 - 2012-09-01 15:04 - 110108960 ____A C:\Users\DANBOSS\Downloads\VAMSMV2-(RapGodFathers.info).zip
2012-09-01 14:50 - 2012-09-01 14:49 - 176124941 ____A C:\Users\DANBOSS\Downloads\Rick Ross - God Forgives, I Don't (Deluxe Edition) (RapGodFathers.info).zip
2012-09-01 12:54 - 2012-08-15 16:35 - 00001853 ____A C:\Users\Public\Desktop\Winamp.lnk
2012-09-01 11:40 - 2012-09-01 11:40 - 31532704 ____A C:\Users\DANBOSS\Downloads\pms-setup-windows-1.70.1.exe
2012-09-01 11:09 - 2012-09-01 11:09 - 01376768 ____A C:\Users\DANBOSS\Downloads\7z920-x64.msi
2012-09-01 08:33 - 2012-09-01 08:33 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-01 08:33 - 2012-09-01 08:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-01 08:33 - 2012-09-01 08:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-01 08:33 - 2012-09-01 08:33 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-01 08:33 - 2012-08-11 01:00 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-01 08:33 - 2012-08-11 01:00 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 18229096 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-30 20:14 - 2012-09-26 22:17 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 00355176 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 00308072 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-08-30 20:14 - 2012-09-26 22:17 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 15291752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 14879080 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 12465512 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 02725224 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 00971624 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-08-30 20:14 - 2012-08-07 08:03 - 00016366 ____A C:\Windows\System32\nvinfo.pb
2012-08-30 17:18 - 2012-08-07 08:04 - 03487434 ____A C:\Windows\System32\nvcoproc.bin
2012-08-30 17:18 - 2012-08-07 08:04 - 03266920 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-08-30 17:18 - 2012-08-07 08:04 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-08-30 17:18 - 2012-08-07 08:04 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-08-30 17:18 - 2012-08-07 08:04 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-08-30 17:18 - 2012-08-07 08:04 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-08-30 17:17 - 2012-08-07 08:04 - 06198120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-08-30 09:40 - 2012-08-30 09:40 - 00429416 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-08-27 15:54 - 2012-08-27 15:53 - 41137422 ____A C:\Users\DANBOSS\Downloads\WATER_-_1_5a-13268-1-5a.7z
2012-08-27 15:45 - 2012-08-27 15:45 - 02387988 ____A C:\Users\DANBOSS\Downloads\Sharpshooters_Extreme_Graphics_Vision-15105.rar
2012-08-27 15:44 - 2012-08-27 15:44 - 00001431 ____A C:\Users\DANBOSS\Downloads\Added_performance_and_neon_grass_at_night_fix-15105.rar
2012-08-26 18:23 - 2012-08-26 18:23 - 00000222 ____A C:\Users\DANBOSS\Desktop\Creation Kit.url
2012-08-26 18:23 - 2012-08-26 18:23 - 00000221 ____A C:\Users\DANBOSS\Desktop\The Elder Scrolls V Skyrim.url
2012-08-26 16:17 - 2012-08-26 16:17 - 06563800 ____A C:\Users\DANBOSS\Downloads\EVGA_PrecisionX_Setup_302.exe
2012-08-26 10:42 - 2012-08-26 10:42 - 30966872 ____A (                                                            ) C:\Users\DANBOSS\Downloads\nfsUnderwaterLife.exe
2012-08-26 10:37 - 2012-08-26 10:37 - 10224784 ____A (                                                            ) C:\Users\DANBOSS\Downloads\nfsHDWaterfall03.exe
2012-08-25 13:43 - 2012-08-25 13:43 - 00002144 ____A C:\Users\Public\Desktop\Sleeping Dogs.lnk
2012-08-25 13:32 - 2012-08-25 13:32 - 00001954 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-08-25 13:31 - 2012-08-25 13:31 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-08-25 13:25 - 2012-08-25 13:25 - 14259736 ____A (DT Soft Ltd) C:\Users\DANBOSS\Downloads\DTLite4454-0314.exe
2012-08-25 09:55 - 2012-08-25 09:55 - 00267072 ____A (Boonty) C:\Users\DANBOSS\Downloads\Gardenscapes_Mansion_Makeover_Downloaden{998764}.exe
2012-08-25 09:55 - 2012-08-25 09:55 - 00267072 ____A (Boonty) C:\Users\DANBOSS\Downloads\Gardenscapes_Mansion_Makeover_Downloaden{998764}(1).exe
2012-08-24 12:15 - 2012-09-22 18:08 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 11:39 - 2012-09-22 18:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 11:31 - 2012-09-22 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 11:22 - 2012-09-22 18:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 11:21 - 2012-09-22 18:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 11:20 - 2012-09-22 18:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 11:18 - 2012-09-22 18:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 11:17 - 2012-09-22 18:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 11:14 - 2012-09-22 18:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 11:14 - 2012-09-22 18:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 11:13 - 2012-09-22 18:08 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 11:12 - 2012-09-22 18:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 11:11 - 2012-09-22 18:08 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 11:10 - 2012-09-22 18:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 11:09 - 2012-09-22 18:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 11:04 - 2012-09-22 18:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:27 - 2012-09-22 18:08 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:03 - 2012-09-22 18:08 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 07:59 - 2012-09-22 18:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 07:51 - 2012-09-22 18:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 07:51 - 2012-09-22 18:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 07:51 - 2012-09-22 18:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 07:49 - 2012-09-22 18:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 07:48 - 2012-09-22 18:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:47 - 2012-09-22 18:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 07:47 - 2012-09-22 18:08 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 07:47 - 2012-09-22 18:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 07:45 - 2012-09-22 18:08 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 07:44 - 2012-09-22 18:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 07:44 - 2012-09-22 18:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 07:43 - 2012-09-22 18:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 07:40 - 2012-09-22 18:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 19:12 - 2012-09-12 15:29 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 19:12 - 2012-09-12 15:29 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 19:12 - 2012-09-12 15:29 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 19:12 - 2012-09-12 15:29 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:01 - 2012-09-26 07:35 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-19 19:26 - 2012-08-19 18:58 - 195291620 ____A C:\Users\DANBOSS\Downloads\Garten - Einblicke.MOV
2012-08-19 02:12 - 2012-08-19 02:12 - 06342768 ____A (Electronic Arts                                             ) C:\Users\DANBOSS\Downloads\setup_1055.exe
2012-08-18 23:09 - 2012-08-18 23:09 - 24112320 ____A C:\Users\DANBOSS\Downloads\UplayInstaller.exe
2012-08-18 23:09 - 2012-08-18 23:09 - 00001205 ____A C:\Users\DANBOSS\Desktop\Uplay.lnk
2012-08-18 09:26 - 2012-08-18 09:26 - 02314680 ____A (Beepa Pty Ltd) C:\Users\DANBOSS\Downloads\setup.exe
2012-08-17 17:45 - 2012-08-15 18:08 - 1049624576 ____A C:\Users\DANBOSS\Downloads\Casino.Jack.2010-720-ROOR.part1.rar
2012-08-16 19:06 - 2012-08-16 19:03 - 00001250 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
2012-08-16 19:03 - 2012-08-16 19:03 - 05413552 ____A (Code Laboratories, Inc.) C:\Users\DANBOSS\Downloads\CL-Eye-Driver-5.1.1.0177.exe
2012-08-16 19:03 - 2012-08-16 19:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-08-16 18:46 - 2012-08-16 18:46 - 00946352 ____A (Skype Technologies S.A.) C:\Users\DANBOSS\Downloads\SkypeSetup.exe
2012-08-16 18:46 - 2012-08-16 18:46 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2012-08-15 20:12 - 2012-08-15 20:12 - 00098304 ____A (Hewlett-Packard Company) C:\Users\DANBOSS\Downloads\HPUSBFW_v2.2.3(1).exe
2012-08-15 20:09 - 2012-08-15 20:09 - 00098304 ____A (Hewlett-Packard Company) C:\Users\DANBOSS\Downloads\HPUSBFW_v2.2.3.exe
2012-08-15 16:34 - 2012-08-15 16:34 - 13094312 ____A (Nullsoft, Inc.) C:\Users\DANBOSS\Downloads\winamp563_full_emusic-7plus_de-de.exe
2012-08-15 16:23 - 2012-08-15 16:23 - 00893936 ____A (Oracle Corporation) C:\Users\DANBOSS\Downloads\jxpiinstall(1).exe
2012-08-15 16:19 - 2012-08-15 16:19 - 00002041 ____A C:\Users\DANBOSS\Desktop\JDownloader.lnk
2012-08-15 16:08 - 2012-08-15 16:08 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\DANBOSS\Downloads\jDownloaderWebInstaller09581(1).exe
2012-08-15 15:55 - 2012-08-15 15:55 - 00144880 ____A C:\Users\DANBOSS\Downloads\muh.jdc
2012-08-15 15:40 - 2012-08-15 15:40 - 02742931 ____A C:\Users\DANBOSS\Downloads\tsMuxeR_1.10.6.zip
2012-08-14 21:29 - 2012-08-14 21:29 - 00157234 ____A C:\Users\DANBOSS\Downloads\RouterReconnect_1.3.zip
2012-08-14 21:20 - 2012-08-14 21:20 - 00332524 ____A C:\Users\DANBOSS\Downloads\FastIPChangerV1.8 Beta release 4.zip
2012-08-14 21:14 - 2012-08-14 21:14 - 00329658 ____A C:\Users\DANBOSS\Downloads\FastIPChangerV1.7.zip
2012-08-14 20:52 - 2012-08-14 20:52 - 00000871 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-14 20:51 - 2012-08-14 20:51 - 23251357 ____A C:\Users\DANBOSS\Downloads\vlc-2.0.2-win64.exe
2012-08-14 20:26 - 2012-08-14 20:26 - 00001998 ____A C:\Users\DANBOSS\Desktop\mkv2vob.lnk
2012-08-14 20:22 - 2012-08-14 20:22 - 00012240 ____A C:\Users\DANBOSS\Downloads\lol.jdc
2012-08-14 20:21 - 2012-08-14 20:21 - 08895488 ____A C:\Users\DANBOSS\Downloads\mkv2vob.exe
2012-08-14 18:46 - 2012-08-14 18:46 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\DANBOSS\Downloads\jDownloaderWebInstaller09581.exe
2012-08-14 11:12 - 2012-08-14 11:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-14 08:11 - 2012-08-14 08:11 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-08-14 08:11 - 2012-08-14 08:11 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-08-11 20:11 - 2012-08-11 20:09 - 330065644 ____A C:\Users\DANBOSS\Downloads\CXL_1.0.0.297_to_CXL_1.1.0.457-B3.zip
2012-08-11 01:00 - 2012-08-11 00:59 - 00893936 ____A (Oracle Corporation) C:\Users\DANBOSS\Downloads\jxpiinstall.exe
2012-08-09 22:37 - 2012-08-09 22:35 - 00004135 ____A C:\Windows\IE9_main.log
2012-08-09 22:36 - 2012-08-09 22:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-09 22:36 - 2012-08-09 22:36 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-09 22:36 - 2012-08-09 22:36 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-09 22:36 - 2012-08-09 22:36 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-09 22:36 - 2012-08-09 22:36 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-09 22:36 - 2012-08-09 22:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-09 22:36 - 2012-08-09 22:36 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-09 22:36 - 2012-08-09 22:36 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-09 22:36 - 2012-08-09 22:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-09 22:34 - 2012-08-06 12:45 - 01499556 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-09 20:01 - 2012-08-09 20:01 - 00735889 ____A C:\Users\DANBOSS\Downloads\pbsetup.zip
2012-08-09 19:59 - 2012-08-09 20:01 - 00840264 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-08-09 19:59 - 2012-08-09 19:59 - 00840264 ____A C:\Users\DANBOSS\Downloads\pbsvc.exe
2012-08-09 19:33 - 2012-08-09 19:33 - 03878112 ____A C:\Users\DANBOSS\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-08-09 19:25 - 2012-08-09 19:25 - 00001174 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2012-08-08 22:45 - 2012-08-08 22:45 - 17063192 ____A (Electronic Arts, Inc.) C:\Users\DANBOSS\Downloads\OriginThinSetup.exe
2012-08-08 22:45 - 2012-08-08 22:45 - 00000552 ____A C:\Windows\KB893803v2.log
2012-08-08 22:20 - 2012-08-08 22:20 - 08531968 ____A C:\Users\DANBOSS\Downloads\SteamInstall_German.msi
2012-08-08 22:20 - 2012-08-08 22:20 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-08-08 21:27 - 2012-08-08 21:27 - 00000869 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-08-08 21:26 - 2012-08-08 21:26 - 04403856 ____A (                                                            ) C:\Users\DANBOSS\Downloads\cpu-z_1.61-3setup-en.exe
2012-08-08 21:19 - 2012-08-08 21:18 - 01449984 ____A C:\Users\DANBOSS\Downloads\pidenu31.msi
2012-08-08 20:33 - 2012-08-08 20:33 - 00001777 ____A C:\Users\DANBOSS\Desktop\Spotify.lnk
2012-08-08 19:56 - 2012-08-08 19:56 - 00002461 ____A C:\Users\DANBOSS\Desktop\A New Dawn.lnk
2012-08-08 19:56 - 2012-08-08 19:56 - 00002445 ____A C:\Users\DANBOSS\Desktop\A New Dawn Configuration.lnk
2012-08-08 19:44 - 2012-08-08 19:32 - 809008142 ____A C:\Users\DANBOSS\Downloads\ANewDawn.exe
2012-08-08 19:42 - 2012-08-08 19:42 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-08 18:32 - 2012-08-08 18:32 - 00000004 ____A C:\Windows\SysWOW64\ 9w
2012-08-08 18:32 - 2012-08-08 18:05 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-08-08 18:32 - 2012-08-08 18:05 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-08-08 18:32 - 2012-08-08 18:05 - 00111616 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-08-08 18:32 - 2012-08-08 18:05 - 00102400 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-08-08 18:32 - 2012-08-08 18:05 - 00097700 ____A C:\Windows\Cmicnfgp.ini.cfl
2012-08-08 18:32 - 2012-08-08 18:05 - 00000933 ____A C:\Windows\Cmicnfgp.ini.imi
2012-08-08 18:29 - 2012-08-08 18:29 - 00356848 ____A (WinZip Computing) C:\Users\DANBOSS\Downloads\WinZip165International.exe
2012-08-08 18:28 - 2012-08-08 18:28 - 11985566 ____A C:\Users\DANBOSS\Downloads\PCI_DX_7_12_8_1794_W7.rar
2012-08-08 18:01 - 2012-08-08 18:01 - 08286208 ____A C:\Users\DANBOSS\Downloads\SMS24B300HL.exe
2012-08-08 17:54 - 2012-08-08 17:54 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-08 17:50 - 2012-08-06 12:45 - 00001912 ____A C:\Windows\epplauncher.mif
2012-08-08 17:25 - 2012-08-08 17:25 - 00000020 ___SH C:\Users\DANBOSS\ntuser.ini
2012-08-08 17:25 - 2012-08-08 17:25 - 00000000 ____A C:\Users\DANBOSS\agent.log
2012-08-07 08:27 - 2009-07-14 05:46 - 00004312 ____A C:\Windows\DtcInstall.log
2012-08-07 08:05 - 2012-08-07 08:05 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-08-06 15:22 - 2012-08-06 13:44 - 00000836 ____A C:\lucid.log
2012-08-06 15:02 - 2012-08-06 12:10 - 00003652 ____A C:\Windows\TSSysprep.log
2012-08-06 14:46 - 2012-08-06 14:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-08-06 13:43 - 2012-08-06 13:27 - 00017448 ____A C:\Windows\DPINST.LOG
2012-08-06 13:27 - 2012-08-06 13:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-08-06 13:19 - 2012-08-06 13:19 - 00000000 ____A C:\Users\User\agent.log
2012-08-06 13:13 - 2012-08-06 13:13 - 00057560 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-06 13:13 - 2012-08-06 13:13 - 00019136 ____A C:\Windows\System32\results.xml
2012-08-06 13:07 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-08-06 13:07 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-08-06 12:50 - 2012-08-06 12:50 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-08-02 18:58 - 2012-09-12 15:29 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 17:57 - 2012-09-12 15:29 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-20 11:12 - 2012-07-20 11:12 - 00044928 ____A (ManyCam LLC) C:\Windows\System32\Drivers\mcvidrv_x64.sys
2012-07-20 11:12 - 2012-07-20 11:12 - 00029696 ____A (ManyCam LLC) C:\Windows\System32\Drivers\mcaudrv_x64.sys
2012-07-18 19:15 - 2012-08-15 15:19 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-02 20:25:56

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16278.02 MB
Available physical RAM: 15080.91 MB
Total Pagefile: 16276.22 MB
Available Pagefile: 15070.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:625.77 GB) NTFS
4 Drive g: (SCANDISC) (Removable) (Total:7.45 GB) (Free:7.38 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          931 GB      0 B         
  Datenträger 1    Online         7629 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             100 MB  1024 KB
  Partition 2    Primär             931 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   System-rese  NTFS   Partition    100 MB  Fehlerfre          

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    931 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    931 GB  Fehlerfre          

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            7629 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   SCANDISC     NTFS   Wechselmed  7629 MB  Fehlerfre          

=========================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   SCANDISC     NTFS   Wechselmed  7629 MB  Fehlerfre          

=========================================================

Last Boot: 2012-09-26 08:02

==================== End Of Log =============================
         
However, I have not run any fix!
