
Log Analysis and Evaluation: My own e-mail address is being abused to send spam

Windows 7

04.04.2013, 19:21   #1
kirchberger
 
My own e-mail address is being abused to send spam



First of all, good evening to everyone!

Since today (at least it has only come to my attention today) I have the following problem: spam mails are evidently being sent from my e-mail address to various recipients. I noticed it when I found error messages in my inbox (the gmail server rejected "my" mail because an "illegal attachment" was detected).

Below is an example error message. The only difference between the various error messages is the recipient's e-mail address and the purported sender name under which the mail is sent.

In the code below I have renamed my own e-mail address to meinemail@domain.at and the recipient's address to empfänger@gmail.com. I shortened the endless string of characters at the end of the error message somewhat in the middle. I hope that doesn't matter.

Code:
Hi. This is the qmail-send program at server153-han.de-nserver.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<empfänger@gmail.com>:
173.194.69.27 failed after I sent the message.
Remote host said: 552-5.7.0 Our system detected an illegal attachment on your message. Please
552-5.7.0 visit hxxp://support.google.com/mail/bin/answer.py?answer=6590 to
552 5.7.0 review our attachment guidelines. io11si5532163bkc.133 - gsmtp

--- Below this line is a copy of the message.

Return-Path: <meinemail@domain.at>
Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200
Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230)
  (smtp-auth username meinemail@domain.at, mechanism login)
  by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
To: "=?utf-8?q?R=C3=BCdiger Kern?=" <empfänger@gmail.com>
Subject: =?utf-8?q?R=C3=BCdiger Kern Mahnkosten Ihrer offenen Rechnung =C3=BCber 757,00 Euro?=
Date: Thu, 4 Apr 2013 16:59:55 GMT
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
Content-Type: multipart/mixed; boundary="=-XC2F5D2C4D"
X-User-Auth: Auth by meinemail@domain.at through 89.166.204.230

--=-XC2F5D2C4D
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<p><strong>Sehr geehrter Kunde R=C3=BCdiger Kern,<br />
  <br />
</strong>wir m&uuml;ssten leider festgestellen, dass die Rechnung Nr.: 7093=
87940  nicht beglichen wurde. <br />
  Wir belassen Ihnen trotzdem noch eine letzte M&ouml;glichkeit, Ihre Verpf=
lichtung zu erf&uuml;llen, indem Sie innerhalb von 3 Tagen die ausstehende =
Summe in H&ouml;he von <strong>757,00 Euro</strong> an uns &uuml;berweisen.=
<br />
  <br />
  <strong>Aktikel-Nummer: 709387940 R=C3=BCdiger Kern 757,00 Euro<br />
  <br />
  </strong>Im Fall einer nicht Zahlung m&uuml;ssen wir laut geltendem Recht=
 die offenen Forderungen beim Rechtsanwalt fordern. <br />
<br />
<strong>Allgemeine Gesch&auml;ftsbedingungen und Widerrufsrecht sind in der=
 beigef&uuml;gten Rechnung.<br />
<br />
</strong>Naschplatz.de GmbH <br />
  Telefon: (+49) 853 3737519<br />
  Umsatzsteuer-Nr.: DE483439204 Allendorf<br />
Gesch&auml;ftsleiter: Karl  Ziegler</p>

--=-XC2F5D2C4D
Content-Type: application/octet-stream; name="=?utf-8?q?Aktikel-Nummer: 709387940 R=C3=BCdiger Kern.zip?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="=?utf-8?q?Aktikel-Nummer: 709387940 R=C3=BCdiger Kern.zip?="

UEsDBBQAAgAIAOp4hEI8UU3AiYQBAHaEAQApAAAATWFobnVuZyBJaHJlciBSZWNobnVuZyB2
b20gMDQuMDQuMjAxMy56aXAAF0Dov1BLAwQUAAIACADJeIRC+rGXTcKDAQAAYgIAKQAAAE1h
aG51bmcgSWhyZXIgUmVjaG51bmcgdm9tIDA0LjA0LjIwMTMuY29t7L19eBTV9Tg+m90km2TD
rJJgeJOoQdEARhcwYQEXkw1BCW5Y2BAxASvgulKlMANYSdg4u5jJMEqrtNrKRynaamv7wVZe

(...)
--- End of message stripped.

As described in the instructions for creating a new thread, here is the OTL.txt as well

Code:
OTL logfile created on: 04.04.2013 19:05:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,92% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 251,37 Gb Total Space | 196,96 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive D: | 97,74 Gb Total Space | 7,78 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive E: | 573,62 Gb Total Space | 228,59 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive G: | 8,79 Gb Total Space | 3,51 Gb Free Space | 39,97% Space Free | Partition Type: NTFS
 
Computer Name: MP-PC | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.04 18:52:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 18:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe
PRC - [2013.04.01 15:05:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 15:05:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.01 15:05:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.18 16:08:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.13 20:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 20:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012.08.31 16:22:04 | 001,133,176 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe
PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.04 18:52:08 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.27 22:38:23 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013.03.27 22:31:01 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013.03.27 21:14:55 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll
MOD - [2013.03.27 21:14:38 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013.03.27 21:14:32 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013.03.27 21:14:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013.03.27 21:14:28 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013.03.27 21:14:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013.03.27 21:14:24 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013.03.27 21:14:17 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2010.10.25 16:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.04 18:52:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 17:02:42 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\MP\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.04.01 15:05:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 15:05:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.18 15:29:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 15:05:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 15:05:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 15:05:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.31 10:19:52 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2013.01.31 10:19:52 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.01.31 10:19:52 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 05:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.02.12 16:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D6 2F 9A B3 18 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{2E3A2A0C-E98E-4D5B-B29F-D96EA0B4DD58}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{533F4CBD-81F6-45B7-81E0-6D67B71C0778}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{65AC1028-D127-4F0B-B55D-6E574676DAF6}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{96EF2CA0-E8D3-441B-BD9E-3B2F7904DDB7}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BB25B4C9-0495-4AB3-9852-B6B4DB45EE9C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D2D70930-2653-474E-B88B-12D473A8508D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.03.14 14:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 18:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.14 14:12:08 | 000,000,000 | ---D | M]
 
[2013.03.02 21:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Extensions
[2013.04.04 17:02:48 | 000,002,079 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{22882E5D-4AC0-4BDA-B282-7823AEC7C9CD}.xml
[2013.04.04 17:02:48 | 000,002,190 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{7C6F2454-2276-4E44-90A4-FD696113D73F}.xml
[2013.04.04 17:02:48 | 000,001,872 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{997F8368-2E41-4AAE-AFA2-6789CE4D1CA6}.xml
[2013.03.08 15:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 18:52:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.04 17:02:48 | 000,001,686 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.04 17:02:48 | 000,001,937 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.04 17:02:48 | 000,001,273 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.04 17:02:48 | 000,007,053 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.04 17:02:48 | 000,001,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.04 17:02:48 | 000,001,172 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\MP\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACSW15EN] C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{617EEA3B-F217-4B70-8FED-1E8F21A10807}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.25 00:30:27 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 18:51:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe
[2013.04.04 18:36:42 | 005,047,266 | ---- | C] (Swearware) -- C:\Users\MP\Desktop\ComboFix.exe
[2013.04.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\PCSpeedUp
[2013.04.04 17:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExposurePlot
[2013.04.04 17:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExposurePlot
[2013.04.04 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\MP\Desktop\exposureplot_115a
[2013.04.04 17:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013.04.04 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.04.04 17:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.04 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.04 17:02:48 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Opera
[2013.04.04 17:02:42 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\OCS
[2013.04.04 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.04 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Simply Super Software
[2013.04.04 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.04.04 14:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.04.04 14:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Malwarebytes
[2013.04.04 14:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.04 14:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 14:26:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 14:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.01 15:06:24 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 15:06:24 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 15:06:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.31 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Diagnostics
[2013.03.31 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vehicle Simulator
[2013.03.31 12:45:04 | 033,069,678 | ---- | C] (Quality Simulations                                         ) -- C:\Users\MP\Desktop\vsf_demo.exe
[2013.03.29 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.03.28 10:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.27 21:23:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.03.27 21:23:35 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Samsung
[2013.03.27 21:23:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Samsung
[2013.03.27 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\samsung
[2013.03.27 21:20:44 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2013.03.27 21:20:44 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.03.27 21:20:43 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.03.27 21:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.03.27 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.03.27 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.03.27 21:18:15 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.03.27 21:17:37 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.03.27 21:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.27 21:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.03.27 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.03.27 21:10:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.21 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\ShipSim2008 UserData
[2013.03.21 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
[2013.03.21 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.21 18:49:57 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.21 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator 2008
[2013.03.21 04:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.21 04:01:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.18 16:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.18 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.18 16:08:42 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Google
[2013.03.14 14:55:16 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\NVIDIA
[2013.03.14 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.03.14 14:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2013.03.14 14:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2013.03.14 14:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.03.11 22:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunatic
[2013.03.10 17:46:59 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Gerald_Ihninger
[2013.03.10 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\MP\Desktop\Browser
[2013.03.08 22:54:25 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Real
[2013.03.08 22:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013.03.08 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 22:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.03.06 22:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.03.05 22:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2013.03.05 22:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2013.03.05 22:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.05 20:55:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\ACD Systems
[2013.03.05 20:55:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\ACD Systems
[2013.03.05 20:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2013.03.05 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2013.03.05 20:35:26 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Downloaded Installations
[2011.04.02 01:47:24 | 687,994,304 | ---- | C] (Microsoft Corporation) -- C:\Users\MP\AppData\Roaming\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.04 18:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe
[2013.04.04 18:50:35 | 000,000,000 | ---- | M] () -- C:\Users\MP\defogger_reenable
[2013.04.04 18:50:13 | 000,050,477 | ---- | M] () -- C:\Users\MP\Desktop\Defogger.exe
[2013.04.04 18:37:08 | 005,047,266 | ---- | M] (Swearware) -- C:\Users\MP\Desktop\ComboFix.exe
[2013.04.04 18:19:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 18:13:44 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2013.04.04 18:13:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.04 17:07:34 | 000,001,059 | ---- | M] () -- C:\Users\MP\Desktop\ExposurePlot.lnk
[2013.04.04 17:03:43 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\ExifViewer Installer.Zip
[2013.04.04 17:02:39 | 000,000,000 | ---- | M] () -- C:\Program Files\ExifViewer Installer.Zip
[2013.04.04 15:13:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.04 15:05:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 15:05:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 15:03:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 15:03:03 | 000,651,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.04 15:03:03 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 15:03:03 | 000,129,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.04 15:03:03 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 14:57:55 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:26:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.04 14:11:15 | 000,089,088 | ---- | M] () -- C:\Users\MP\mbr.exe
[2013.04.01 15:05:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 15:05:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 15:05:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.31 14:42:36 | 000,000,673 | ---- | M] () -- C:\Users\MP\Desktop\Vehicle Simulator.lnk
[2013.03.31 12:46:31 | 033,069,678 | ---- | M] (Quality Simulations                                         ) -- C:\Users\MP\Desktop\vsf_demo.exe
[2013.03.31 11:23:46 | 000,001,135 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013.03.31 04:23:19 | 004,973,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.29 14:45:05 | 000,003,021 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Word 2010.lnk
[2013.03.29 14:44:53 | 000,003,041 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Publisher 2010.lnk
[2013.03.29 14:44:44 | 000,002,937 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft PowerPoint 2010.lnk
[2013.03.29 14:44:31 | 000,003,029 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Outlook 2010.lnk
[2013.03.29 14:44:20 | 000,002,951 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Excel 2010.lnk
[2013.03.29 14:44:14 | 000,002,919 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Access 2010.lnk
[2013.03.27 21:23:27 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.03.27 21:18:28 | 000,002,030 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013.03.27 21:18:28 | 000,002,020 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013.03.21 21:41:06 | 026,271,857 | ---- | M] () -- C:\Users\MP\Desktop\D7100_EU(De)02.pdf
[2013.03.21 21:39:12 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator 2008 Mission Editor.lnk
[2013.03.21 21:39:12 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator 2008.lnk
[2013.03.18 16:09:56 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.14 14:12:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013.03.11 22:27:16 | 000,001,807 | ---- | M] () -- C:\Users\MP\Desktop\Tunatic.lnk
[2013.03.06 22:26:10 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk
[2013.03.05 22:39:59 | 000,002,845 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee 15.lnk
[2013.03.05 20:55:27 | 000,002,869 | ---- | M] () -- C:\Users\MP\Desktop\ACDSee 15.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.04 18:50:35 | 000,000,000 | ---- | C] () -- C:\Users\MP\defogger_reenable
[2013.04.04 18:50:12 | 000,050,477 | ---- | C] () -- C:\Users\MP\Desktop\Defogger.exe
[2013.04.04 17:07:34 | 000,001,059 | ---- | C] () -- C:\Users\MP\Desktop\ExposurePlot.lnk
[2013.04.04 17:04:32 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2013.04.04 17:03:43 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\ExifViewer Installer.Zip
[2013.04.04 17:02:39 | 000,000,000 | ---- | C] () -- C:\Program Files\ExifViewer Installer.Zip
[2013.04.04 14:26:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.04 14:11:08 | 000,089,088 | ---- | C] () -- C:\Users\MP\mbr.exe
[2013.03.31 14:42:36 | 000,000,673 | ---- | C] () -- C:\Users\MP\Desktop\Vehicle Simulator.lnk
[2013.03.29 14:45:05 | 000,003,021 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Word 2010.lnk
[2013.03.29 14:44:53 | 000,003,041 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Publisher 2010.lnk
[2013.03.29 14:44:44 | 000,002,937 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft PowerPoint 2010.lnk
[2013.03.29 14:44:31 | 000,003,029 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Outlook 2010.lnk
[2013.03.29 14:44:20 | 000,002,951 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Excel 2010.lnk
[2013.03.29 14:44:14 | 000,002,919 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Access 2010.lnk
[2013.03.27 21:23:27 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.03.27 21:18:28 | 000,002,030 | ---- | C] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013.03.27 21:18:28 | 000,002,020 | ---- | C] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013.03.21 21:41:06 | 026,271,857 | ---- | C] () -- C:\Users\MP\Desktop\D7100_EU(De)02.pdf
[2013.03.21 21:39:12 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator 2008 Mission Editor.lnk
[2013.03.21 18:34:34 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator 2008.lnk
[2013.03.18 16:09:56 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.18 16:08:48 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.18 16:08:47 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.14 14:12:09 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2013.03.14 14:12:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2013.03.14 14:12:09 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013.03.14 14:04:36 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.03.11 22:27:16 | 000,001,807 | ---- | C] () -- C:\Users\MP\Desktop\Tunatic.lnk
[2013.03.06 22:26:10 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 64-bit.lnk
[2013.03.06 22:26:10 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk
[2013.03.05 22:39:59 | 000,002,845 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee 15.lnk
[2013.03.05 20:55:27 | 000,002,869 | ---- | C] () -- C:\Users\MP\Desktop\ACDSee 15.lnk
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.05 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\ACD Systems
[2013.03.21 18:32:46 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Azureus
[2013.03.02 23:35:37 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Need for Speed World
[2013.04.04 17:02:42 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\OCS
[2013.04.04 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Opera
[2013.03.29 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Samsung
[2013.04.04 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Simply Super Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:EC2E1DEC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6DDED7D9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
die EXTRAS.txt


Code:
OTL Extras logfile created on: 04.04.2013 19:05:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,92% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 251,37 Gb Total Space | 196,96 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive D: | 97,74 Gb Total Space | 7,78 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive E: | 573,62 Gb Total Space | 228,59 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive G: | 8,79 Gb Total Space | 3,51 Gb Free Space | 39,97% Space Free | Partition Type: NTFS
 
Computer Name: MP-PC | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{339C0F29-0478-4AD3-BB51-970BA8AEB801}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AE8230A-5CF8-4A84-86EE-A508DAB25EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{62B8BCC2-46D5-455C-AB41-31FDFA258E99}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{75186CD0-928E-43C1-88F4-8BF10714EE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{87138C43-3819-4292-9119-E42FEFA2A8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9F1B8AB0-3873-454B-ABCA-CFADD3993E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C040AAA4-1C6E-4892-96DC-B7FF8420F0D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DE7E3C27-1D39-4ACB-BD1B-CD869C6D9DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{42301EEA-A578-47A9-A20C-848CAE461C40}E:\spiele\vehicle simulator\vsf.exe" = protocol=6 | dir=in | app=e:\spiele\vehicle simulator\vsf.exe | 
"TCP Query User{455F1876-3FC1-4359-B1C3-8451167A38DC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{DE5A2E9D-AE41-4BF5-9C12-205564A898AB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{E3FB708B-FD2E-4316-ADEA-67AB892A2377}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{907AD147-C0E3-4BE5-9950-FD42EB721063}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{D5892120-BDB0-4D46-B7E1-49E77B030225}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{DB19BBEE-9967-4EEA-994F-5C13DC2C35F7}E:\spiele\vehicle simulator\vsf.exe" = protocol=17 | dir=in | app=e:\spiele\vehicle simulator\vsf.exe | 
"UDP Query User{E5162EB7-0924-4DD8-B6B3-51B4270F9CC5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1" = Remo Recover
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A573D759-F894-448D-A420-3A9C31879F88}_is1" = Remo Recover 4.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}" = Adobe Photoshop Lightroom 4.2 64-bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PCSU-SL_is1" = PC Speed Up - Vollständige Deinstallation
"Recuva" = Recuva
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B580C89C-F7F8-4A78-BAF0-5560C6E9E76D}" = ACDSee 15
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ExposurePlot_is1" = ExposurePlot 1.1.5a
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Ship Simulator 2008 Horns and Whistles Add-on V1.3_is1" = Ship Simulator 2008 Horns and Whistles Add-on V1.3
"Ship Simulator 2008 Solent Radio Sounds_is1" = Ship Simulator 2008 Solent Radio Sounds
"Shipsim2008" = Ship Simulator 2008
"Trojan Remover_is1" = Trojan Remover 6.8.5
"Tunatic" = Tunatic
"Vehicle Simulator_is1" = Vehicle Simulator
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.03.2013 14:59:04 | Computer Name = MP-PC | Source = Windows Backup | ID = 4103
Description = Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort
 "L:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not
 valid. Review your backup settings and check the backup location. (0x81000006)"
 
Error - 27.03.2013 15:23:06 | Computer Name = MP-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
 - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code
 = 0x800700d8  
 
Error - 27.03.2013 15:23:07 | Computer Name = MP-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
 - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code
 = 0x800700d8  
 
Error - 31.03.2013 06:06:03 | Computer Name = MP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Vs.exe, Version: 7.0.0.1, Zeitstempel:
 0x45f41410  Name des fehlerhaften Moduls: sapi.dll, Version: 5.3.13120.0, Zeitstempel:
 0x4ce7b9a3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003a460  ID des fehlerhaften Prozesses:
 0xd70  Startzeit der fehlerhaften Anwendung: 0x01ce2df699156520  Pfad der fehlerhaften
 Anwendung: E:\Spiele\Virtual Sailor\Vs.exe  Pfad des fehlerhaften Moduls: C:\Windows\System32\Speech\Common\sapi.dll
Berichtskennung:
 981df000-99ea-11e2-9554-002185f92100
 
Error - 31.03.2013 06:06:34 | Computer Name = MP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Vs.exe, Version: 7.0.0.1, Zeitstempel:
 0x45f41410  Name des fehlerhaften Moduls: sapi.dll, Version: 5.3.13120.0, Zeitstempel:
 0x4ce7b9a3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003a460  ID des fehlerhaften Prozesses:
 0xae0  Startzeit der fehlerhaften Anwendung: 0x01ce2df75da595e0  Pfad der fehlerhaften
 Anwendung: E:\Spiele\Virtual Sailor\Vs.exe  Pfad des fehlerhaften Moduls: C:\Windows\System32\Speech\Common\sapi.dll
Berichtskennung:
 aa540c00-99ea-11e2-9554-002185f92100
 
Error - 31.03.2013 10:33:03 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 664    Startzeit: 01ce2e0b2928e920    Endzeit: 40    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: e24780e1-9a0f-11e2-89d7-002185f92100  
 
Error - 31.03.2013 13:00:02 | Computer Name = MP-PC | Source = Windows Backup | ID = 4103
Description = Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort
 "L:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not
 valid. Review your backup settings and check the backup location. (0x81000006)"
 
Error - 31.03.2013 16:45:50 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm vsf.exe, Version 2.4.2.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b1c    Startzeit: 
01ce2e50ae864eb0    Endzeit: 60    Anwendungspfad: E:\Spiele\Vehicle Simulator\vsf.exe    Berichts-ID:
 f6efa111-9a43-11e2-8cc1-002185f92100  
 
Error - 04.04.2013 11:10:22 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm ExposurePlot.exe, Version 1.1.5.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1088    Startzeit:
 01ce314629687b60    Endzeit: 21    Anwendungspfad: C:\Program Files (x86)\ExposurePlot\ExposurePlot.exe

Berichts-ID:
 c3b390b1-9d39-11e2-970a-002185f92100  
 
Error - 04.04.2013 11:11:21 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm ExposurePlot.exe, Version 1.1.5.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1068    Startzeit:
 01ce314688982860    Endzeit: 8    Anwendungspfad: C:\Program Files (x86)\ExposurePlot\ExposurePlot.exe

Berichts-ID:
 e73bf091-9d39-11e2-970a-002185f92100  
 
[ System Events ]
Error - 31.03.2013 10:33:09 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 31.03.2013 10:33:11 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 31.03.2013 10:33:13 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 31.03.2013 10:33:15 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 31.03.2013 10:41:20 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?03.?2013 um 16:39:40 unerwartet heruntergefahren.
 
Error - 31.03.2013 16:17:25 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?03.?2013 um 22:16:06 unerwartet heruntergefahren.
 
Error - 31.03.2013 16:19:57 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?03.?2013 um 22:18:14 unerwartet heruntergefahren.
 
Error - 31.03.2013 17:06:16 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?03.?2013 um 22:52:47 unerwartet heruntergefahren.
 
Error - 31.03.2013 17:12:10 | Computer Name = MP-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit 
dem Computer mit der  Netzwerkhardwareadresse 00-1F-3C-4B-9E-54 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 04.04.2013 08:12:11 | Computer Name = MP-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MP\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >
         

and here is the Gmer.txt as well

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-04 19:55:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000333AS rev.SD25 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MP\AppData\Local\Temp\pxldypoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076ce1465 2 bytes [CE, 76]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000076ce14bb 2 bytes [CE, 76]
.text   ...                                                                                                                                       * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      0000000077baf991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15     0000000077baf99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                   0000000077bafa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                  0000000077bafa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                 0000000077bafb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                0000000077bafb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           0000000077bafbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15          0000000077bafbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               0000000077bafc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15              0000000077bafc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        0000000077bafc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15       0000000077bafc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          0000000077bafc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15         0000000077bafc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        0000000077bafc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15       0000000077bafc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         0000000077bafce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15        0000000077bafcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        0000000077bafcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15       0000000077bafd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  0000000077bafd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                 0000000077bafd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5               0000000077bafdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15              0000000077bafdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       0000000077bafe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15      0000000077bafe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5             0000000077baff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15            0000000077baff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077bb0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15               0000000077bb00a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5              0000000077bb0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15             0000000077bb078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                 0000000077bb0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                0000000077bb1007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                0000000077bb105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15               0000000077bb1067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          0000000077bb10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15         0000000077bb10af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                0000000077bb111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15               0000000077bb1127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077bb1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15  0000000077bb132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\kernel32.dll!CreateProcessW               0000000075fe103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\kernel32.dll!CreateProcessA               0000000075fe1072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW               00000000770e119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                 00000000770e11cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                   0000000076794de0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectObject                    0000000076794f70 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetBkMode                       00000000767951a2 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetTextColor                    000000007679522d 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!DeleteObject                    0000000076795689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!DeleteDC                        00000000767958b3 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                0000000076796bad 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SaveDC                          0000000076796e05 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!RestoreDC                       0000000076796ead 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode               0000000076797180 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StretchDIBits                   0000000076797435 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateDCA                       0000000076797bcc 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!IntersectClipRect               0000000076797dc4 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextAlign                    0000000076797fd5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                 00000000767982b2 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetTextAlign                    0000000076798401 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                000000007679879f 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                   0000000076798916 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                     0000000076798b7a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!MoveToEx                        0000000076798ee6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetFontData                     0000000076799875 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                    0000000076799936 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!Rectangle                       000000007679a53a 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetClipBox                      000000007679af9f 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!LineTo                          000000007679b9e5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetICMMode                      000000007679bd55 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateICW                       000000007679c040 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W           000000007679c107 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetWorldTransform               000000007679c269 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                 000000007679d1f1 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A           000000007679d349 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                     000000007679dce4 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateDCW                       000000007679e743 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtEscape                       00000000767a03b7 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!Escape                          00000000767a1bda 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                    00000000767a1e89 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                 00000000767a4843 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                   00000000767a5690 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndPage                         00000000767a6bde 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ResetDCW                        00000000767ae2db 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                00000000767b940d 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW     00000000767bc621 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                00000000767bd2b2 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW             00000000767bd919 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!AbortDoc                        00000000767c3adc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndDoc                          00000000767c3f29 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StartPage                       00000000767c401a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StartDocW                       00000000767c4c51 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!BeginPath                       00000000767c53fd 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectClipPath                  00000000767c5454 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CloseFigure                     00000000767c54af 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndPath                         00000000767c5506 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StrokePath                      00000000767c573f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!FillPath                        00000000767c57d2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolylineTo                      00000000767c5c44 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                    00000000767c5cd5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolyDraw                        00000000767c5d87 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!MapWindowPoints                0000000076998c40 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW       0000000076999ebd 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA       00000000769a0afa 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClientRect                  00000000769a0c62 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetParent                      00000000769a0f68 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!IsWindowVisible                00000000769a112d 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!PostMessageW                   00000000769a12a5 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ScreenToClient                 00000000769a227d 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!MonitorFromWindow              00000000769a3150 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetCursor                      00000000769a41f6 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA        00000000769a68ef 5 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW        00000000769a77fa 5 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetTopWindow                   00000000769a7887 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable     00000000769a8676 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber     00000000769a8696 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!CloseClipboard                 00000000769a8e8d 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!OpenClipboard                  00000000769a8ecb 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain           00000000769ac17b 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats           00000000769ac449 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow         00000000769ac468 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!CountClipboardFormats          00000000769ac486 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetClipboardViewer             00000000769ac4b6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout         00000000769ad6c0 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardOwner              00000000769ae360 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetClipboardData               00000000769d8e57 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetCursorPos                   00000000769d9cfd 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardData               00000000769d9f1d 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!EmptyClipboard                 00000000769f7cb9 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardViewer             00000000769f8111 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat     00000000769f832f 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer             0000000075289606 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle         0000000075290581 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext         0000000075290bb9 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken             0000000075290c2e 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA       0000000075290f2e 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA   0000000075291096 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                000000007529124e 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                000000007529129d 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA     0000000075291527 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA    0000000075291590 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleSetClipboard                 0000000076260045 5 bytes JMP 0000000100150030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard           00000000762636b2 5 bytes JMP 0000000100150070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleGetClipboard                 000000007628fdcd 5 bytes JMP 00000001001500b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076ce1465 2 bytes [CE, 76]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000076ce14bb 2 bytes [CE, 76]
.text   ...                                                                                                                                       * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1184:1224]                                                                                               000007fefb5d341c
Thread  C:\Windows\system32\svchost.exe [1184:1232]                                                                                               000007fefb5d3a2c
Thread  C:\Windows\system32\svchost.exe [1184:1236]                                                                                               000007fefb5d3768
Thread  C:\Windows\system32\svchost.exe [1184:1240]                                                                                               000007fefb5d5c20
Thread  C:\Windows\system32\svchost.exe [1184:2052]                                                                                               000007fef62fbd88
Thread  C:\Windows\system32\svchost.exe [1184:1956]                                                                                               000007fefb5d3900
Thread  C:\Windows\system32\svchost.exe [1184:2784]                                                                                               000007fef6225124
Thread  C:\Windows\system32\svchost.exe [1184:3996]                                                                                               000007fef26b5170
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1056:3732]                                                                            000007fefc3a2a7c
Thread  C:\Windows\System32\svchost.exe [1820:2952]                                                                                               000007fef5949688
Thread  C:\Windows\system32\svchost.exe [1604:3040]                                                                                               000007fefe42a808

---- EOF - GMER 2.1 ----
         

05.04.2013, 11:36   #2
cosinus

Hello and

Quote:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{617EEA3B-F217-4B70-8FED-1E8F21A10807}: DhcpNameServer = 10.0.0.138 10.0.0.138

Why an Ultimate Edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?


Code:
ATTFilter
Return-Path: <meinemail@domain.at>
Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200
Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230)
  (smtp-auth username meinemail@domain.at, mechanism login)
  by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
To: "=?utf-8?q?R=C3=BCdiger Kern?=" <empfänger@gmail.com>
         

I'm not entirely sure whether your address was merely misused as the sender (that's called address spoofing) or whether someone gained access to your mailbox. Either way, to be on the safe side, the password for your mailbox should be changed, or have you already done that?



Do you have any other logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans, just post the logs you already have first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.
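The reply above leaves open whether the address was only forged or whether the mailbox login was used. The Received header it quotes carries the information that decides this: a qpsmtpd hop that records an `(smtp-auth username ..., mechanism ...)` clause and the RFC 3848 keyword `ESMTPSA` (trailing `S` = TLS, trailing `A` = authenticated submission) means the owner's own outbound server accepted a login for that account; a pure forgery carries no such clause. The following is an added example, not code from the post or from Trojaner-Board, that parses Received headers in exactly that qpsmtpd format and reports the verdict together with the submitting IP and HELO name. The first sample is built from the headers quoted in the reply (with the post's placeholder addresses); the second "forged only" sample, with the hypothetical host names `mail.example.invalid` / `mx.example.invalid` and the documentation IP `198.51.100.7`, is constructed for contrast. The function names `parse_received` and `classify_submission` are mine.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Constructed sample 1: the bounce headers quoted in the reply above, with the
# post's own placeholder addresses; nothing here was taken from a live mailbox.
SAMPLE_HEADERS = """\
Return-Path: <meinemail@domain.at>
Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200
Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230)
  (smtp-auth username meinemail@domain.at, mechanism login)
  by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
To: "=?utf-8?q?R=C3=BCdiger Kern?=" <empfänger@gmail.com>

"""

# Constructed sample 2 (hypothetical host names, documentation IP): a pure
# forgery with no SMTP AUTH, handed straight to the recipient's MX.
SPOOF_HEADERS = """\
Return-Path: <meinemail@domain.at>
Received: from unknown (HELO mail.example.invalid) (198.51.100.7)
  by mx.example.invalid (qpsmtpd/0.82) with ESMTP; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle" <meinemail@domain.at>
To: <someone@example.invalid>

"""

# qpsmtpd-style Received hop:
#   from <rdns> (HELO <helo>) (<ip>) [(smtp-auth username <user>, mechanism <mech>)] by <server> ...
_HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]*)\)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)"
    r"(?:\s+\(smtp-auth\s+username\s+(?P<user>[^,]+),\s+mechanism\s+(?P<mech>[^)]+)\))?"
    r"\s+by\s+(?P<by>\S+)"
)
# RFC 3848 "with" keywords: trailing S = TLS on the hop, trailing A = authenticated.
_PROTO_RE = re.compile(r"\b(ESMTPSA|ESMTPA|ESMTPS|ESMTP|SMTP)\b")


def parse_received(value: str) -> Optional[dict]:
    """Parse one Received header; None for hops not written in the qpsmtpd format."""
    flat = " ".join(value.split())          # unfold continuation lines
    m = _HOP_RE.search(flat)
    if not m:
        return None
    proto_m = _PROTO_RE.search(flat[m.end():])
    proto = proto_m.group(1) if proto_m else ""
    return {
        "rdns": m["rdns"], "helo": m["helo"], "ip": m["ip"], "by": m["by"],
        "auth_user": (m["user"] or "").lower(),
        "auth_mechanism": m["mech"] or "",
        "proto": proto,
        "tls": proto in ("ESMTPS", "ESMTPSA"),
        "authenticated": proto.endswith("A") or bool(m["user"]),
    }


def classify_submission(raw_headers: str, owner: str) -> dict:
    """Was the owner's account logged into (credentials compromised) or only the From forged?"""
    msg = message_from_string(raw_headers)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    owner = owner.lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Received headers are prepended on each hop, so the last parsed one is the
    # submission hop closest to the real sender.
    auth_hops = [h for h in hops if h["authenticated"] and h["auth_user"] == owner]
    if auth_hops:
        hop, verdict = auth_hops[-1], "credential_compromise_likely"
    elif from_addr == owner:
        hop, verdict = (hops[-1] if hops else None), "sender_spoofing"
    else:
        hop, verdict = (hops[-1] if hops else None), "unrelated"
    return {
        "verdict": verdict,
        "from": from_addr,
        "submitting_ip": hop["ip"] if hop else None,
        "helo": hop["helo"] if hop else None,
        "auth_mechanism": hop["auth_mechanism"] if hop else None,
        "authenticated": bool(hop and hop["authenticated"]),
        "tls": bool(hop and hop["tls"]),
    }


if __name__ == "__main__":
    for label, hdrs in (("bounced spam", SAMPLE_HEADERS), ("forged only", SPOOF_HEADERS)):
        print(label, classify_submission(hdrs, "meinemail@domain.at"))
```

For the quoted bounce the verdict is `credential_compromise_likely`: the hop was accepted after a `login` for the owner's account from 89.166.204.230 with HELO `sven`. The header alone does not say where the password was taken from (the infected PC, a phishing form, or a third-party breach), so the check a practitioner adds is to compare that IP and HELO name with the owner's own connections and, independently of the outcome, change the mailbox password and review the provider's login history. The parser only understands the qpsmtpd Received format shown on the page; other MTAs (Postfix, Exim, Exchange) phrase the authentication clause differently and need their own pattern.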