
Log analysis and evaluation: MyDirtyHobby mail virus

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.04.2013, 09:09   #1
LissmannMUC
 



Hello everyone,

Like probably so many others, I also received a MyDirtyHobby mail with a virus and stupidly opened it.

I have already read up in the relevant thread and carried out steps 1 & 2!

Here is the log from GMER.txt

I would be extremely happy if someone could stand by me with advice and support and help me. Thanks in advance for the answers and the help!!!!!

Thanks, LissmannMUC

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 09:59:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: mxysc2of.exe; Driver: C:\Users\Dani\AppData\Local\Temp\fgtdypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077891465 2 bytes [89, 77]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                          0000000073551a22 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                          0000000073551ad0 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                          0000000073551b08 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                          0000000073551bba 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                          0000000073551bda 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   0000000077891465 2 bytes [89, 77]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe[2284] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                    0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe[2284] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                   00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077ccf991 7 bytes {MOV EDX, 0x427e28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077ccfbd5 7 bytes {MOV EDX, 0x427e68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077ccfc05 7 bytes {MOV EDX, 0x427da8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077ccfc1d 7 bytes {MOV EDX, 0x427d28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077ccfc35 7 bytes {MOV EDX, 0x427f28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077ccfc65 7 bytes {MOV EDX, 0x427f68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077ccfce5 7 bytes {MOV EDX, 0x427ee8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077ccfcfd 7 bytes {MOV EDX, 0x427ea8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077ccfd49 7 bytes {MOV EDX, 0x427c68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077ccfe41 7 bytes {MOV EDX, 0x427ca8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077cd0099 7 bytes {MOV EDX, 0x427c28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077cd10a5 7 bytes {MOV EDX, 0x427de8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077cd111d 7 bytes {MOV EDX, 0x427d68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077cd1321 7 bytes {MOV EDX, 0x427ce8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077ccf991 7 bytes {MOV EDX, 0x382a28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077ccfbd5 7 bytes {MOV EDX, 0x382a68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077ccfc05 7 bytes {MOV EDX, 0x3829a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077ccfc1d 7 bytes {MOV EDX, 0x382928; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077ccfc35 7 bytes {MOV EDX, 0x382b28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077ccfc65 7 bytes {MOV EDX, 0x382b68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077ccfce5 7 bytes {MOV EDX, 0x382ae8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077ccfcfd 7 bytes {MOV EDX, 0x382aa8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077ccfd49 7 bytes {MOV EDX, 0x382868; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077ccfe41 7 bytes {MOV EDX, 0x3828a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077cd0099 7 bytes {MOV EDX, 0x382828; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077cd10a5 7 bytes {MOV EDX, 0x3829e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077cd111d 7 bytes {MOV EDX, 0x382968; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077cd1321 7 bytes {MOV EDX, 0x3828e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077ccf991 7 bytes {MOV EDX, 0x18be28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077ccfbd5 7 bytes {MOV EDX, 0x18be68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077ccfc05 7 bytes {MOV EDX, 0x18bda8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077ccfc1d 7 bytes {MOV EDX, 0x18bd28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077ccfc35 7 bytes {MOV EDX, 0x18bf28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077ccfc65 7 bytes {MOV EDX, 0x18bf68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077ccfce5 7 bytes {MOV EDX, 0x18bee8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077ccfcfd 7 bytes {MOV EDX, 0x18bea8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077ccfd49 7 bytes {MOV EDX, 0x18bc68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077ccfe41 7 bytes {MOV EDX, 0x18bca8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077cd0099 7 bytes {MOV EDX, 0x18bc28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077cd10a5 7 bytes {MOV EDX, 0x18bde8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077cd111d 7 bytes {MOV EDX, 0x18bd68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077cd1321 7 bytes {MOV EDX, 0x18bce8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077ccf991 7 bytes {MOV EDX, 0x628e28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077ccfbd5 7 bytes {MOV EDX, 0x628e68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077ccfc05 2 bytes [BA, A8]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 8                           0000000077ccfc08 4 bytes {LEA ESP, [RDX+0x0]; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077ccfc1d 2 bytes [BA, 28]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8                    0000000077ccfc20 4 bytes {LEA ESP, [RDX+0x0]; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077ccfc35 7 bytes {MOV EDX, 0x628f28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077ccfc65 7 bytes {MOV EDX, 0x628f68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077ccfce5 7 bytes {MOV EDX, 0x628ee8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077ccfcfd 7 bytes {MOV EDX, 0x628ea8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077ccfd49 7 bytes {MOV EDX, 0x628c68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077ccfe41 7 bytes {MOV EDX, 0x628ca8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077cd0099 7 bytes {MOV EDX, 0x628c28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077cd10a5 2 bytes [BA, E8]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8                      0000000077cd10a8 4 bytes {LEA ESP, [RDX+0x0]; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077cd111d 2 bytes [BA, 68]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 8                            0000000077cd1120 4 bytes {LEA ESP, [RDX+0x0]; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077cd1321 7 bytes {MOV EDX, 0x628ce8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[1236] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077ccf991 7 bytes {MOV EDX, 0xdbc628; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077ccfbd5 7 bytes {MOV EDX, 0xdbc668; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077ccfc05 7 bytes {MOV EDX, 0xdbc5a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077ccfc1d 7 bytes {MOV EDX, 0xdbc528; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077ccfc35 7 bytes {MOV EDX, 0xdbc728; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077ccfc65 7 bytes {MOV EDX, 0xdbc768; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077ccfce5 7 bytes {MOV EDX, 0xdbc6e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077ccfcfd 7 bytes {MOV EDX, 0xdbc6a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077ccfd49 7 bytes {MOV EDX, 0xdbc468; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077ccfe41 7 bytes {MOV EDX, 0xdbc4a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077cd0099 7 bytes {MOV EDX, 0xdbc428; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077cd10a5 7 bytes {MOV EDX, 0xdbc5e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077cd111d 7 bytes {MOV EDX, 0xdbc568; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077cd1321 7 bytes {MOV EDX, 0xdbc4e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077891465 2 bytes [89, 77]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000778914bb 2 bytes [89, 77]
.text  ...                                                                                                                                              * 2

---- EOF - GMER 2.1 ----
         

11.04.2013, 10:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.04.2013, 19:58   #3
LissmannMUC
 



Hello cosinus,

First of all, THANKS for your quick reply!!!! I followed the instructions linked below.

http://www.trojaner-board.de/133520-...y-de-gmbh.html

Here are the logs as well, as described in the instructions above.

Should I run any further scans and post them here????? I am fairly inexperienced in this area. I hope you will bear with me????

1. This is the GMER log after the restart

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 20:35:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: mxysc2of.exe; Driver: C:\Users\Dani\AppData\Local\Temp\fgtdypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000765d1465 2 bytes [5D, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                          0000000073551a22 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                          0000000073551ad0 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                          0000000073551b08 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                          0000000073551bba 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                          0000000073551bda 2 bytes [55, 73]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   00000000765d1465 2 bytes [5D, 76]
.text  C:\windows\SysWOW64\PnkBstrA.exe[1276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe[828] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                     00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe[828] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                    00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                   0000000077a8f991 7 bytes {MOV EDX, 0x696a28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                        0000000077a8fbd5 7 bytes {MOV EDX, 0x696a68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                            0000000077a8fc05 7 bytes {MOV EDX, 0x6969a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                     0000000077a8fc1d 7 bytes {MOV EDX, 0x696928; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                       0000000077a8fc35 7 bytes {MOV EDX, 0x696b28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                     0000000077a8fc65 7 bytes {MOV EDX, 0x696b68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                      0000000077a8fce5 7 bytes {MOV EDX, 0x696ae8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                     0000000077a8fcfd 7 bytes {MOV EDX, 0x696aa8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                               0000000077a8fd49 7 bytes {MOV EDX, 0x696868; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                    0000000077a8fe41 7 bytes {MOV EDX, 0x6968a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                             0000000077a90099 7 bytes {MOV EDX, 0x696828; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                       0000000077a910a5 7 bytes {MOV EDX, 0x6969e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                             0000000077a9111d 7 bytes {MOV EDX, 0x696968; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                0000000077a91321 7 bytes {MOV EDX, 0x6968e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0x32a628; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0x32a668; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0x32a5a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0x32a528; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0x32a728; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0x32a768; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0x32a6e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0x32a6a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0x32a468; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0x32a4a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0x32a428; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0x32a5e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0x32a568; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0x32a4e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0xae5a28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0xae5a68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0xae59a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0xae5928; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0xae5b28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0xae5b68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0xae5ae8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0xae5aa8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0xae5868; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0xae58a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0xae5828; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0xae59e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0xae5968; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0xae58e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[3588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0xc10228; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0xc10268; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0xc101a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0xc10128; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0xc10328; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0xc10368; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0xc102e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0xc102a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0xc10068; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0xc100a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0xc10028; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0xc101e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0xc10168; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0xc100e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0xa18628; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0xa18668; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0xa185a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0xa18528; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0xa18728; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0xa18768; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0xa186e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0xa186a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0xa18468; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0xa184a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0xa18428; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0xa185e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0xa18568; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0xa184e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[4604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0x3ae628; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0x3ae668; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0x3ae5a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0x3ae528; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0x3ae728; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0x3ae768; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0x3ae6e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0x3ae6a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0x3ae468; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0x3ae4a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0x3ae428; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0x3ae5e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0x3ae568; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0x3ae4e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000077a8f991 7 bytes {MOV EDX, 0x3a9a28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000077a8fbd5 7 bytes {MOV EDX, 0x3a9a68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000077a8fc05 7 bytes {MOV EDX, 0x3a99a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000077a8fc1d 7 bytes {MOV EDX, 0x3a9928; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000077a8fc35 7 bytes {MOV EDX, 0x3a9b28; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000077a8fc65 7 bytes {MOV EDX, 0x3a9b68; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000077a8fce5 7 bytes {MOV EDX, 0x3a9ae8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000077a8fcfd 7 bytes {MOV EDX, 0x3a9aa8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000077a8fd49 7 bytes {MOV EDX, 0x3a9868; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000077a8fe41 7 bytes {MOV EDX, 0x3a98a8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000077a90099 7 bytes {MOV EDX, 0x3a9828; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000077a910a5 7 bytes {MOV EDX, 0x3a99e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000077a9111d 7 bytes {MOV EDX, 0x3a9968; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000077a91321 7 bytes {MOV EDX, 0x3a98e8; JMP RDX}
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000765d1465 2 bytes [5D, 76]
.text  C:\Users\Dani\AppData\Local\Google\Chrome\Application\chrome.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000765d14bb 2 bytes [5D, 76]
.text  ...                                                                                                                                              * 2

---- EOF - GMER 2.1 ----
         
2. Here is the OTL log
Code:
ATTFilter
OTL logfile created on: 4/11/2013 4:42:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dani\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 50.23% Memory free
7.59 Gb Paging File | 5.59 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 173.39 Gb Total Space | 111.41 Gb Free Space | 64.26% Space Free | Partition Type: NTFS
Drive D: | 115.60 Gb Total Space | 37.51 Gb Free Space | 32.45% Space Free | Partition Type: NTFS
 
Computer Name: MSI | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/11 16:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
PRC - [2013/03/13 18:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/28 00:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/12 11:43:56 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/02/12 11:43:56 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/02/06 20:26:56 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/09 17:00:58 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2012/12/11 23:48:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/25 11:50:50 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/05 22:28:20 | 002,072,576 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
PRC - [2006/09/28 12:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
MOD - [2013/03/22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013/03/22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013/03/22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/02/14 10:56:30 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 10:56:03 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/02 10:51:54 | 000,911,432 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/02/02 10:51:51 | 008,013,664 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/02/02 10:51:50 | 000,139,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/01/09 21:01:58 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/09 20:43:21 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 20:43:19 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 20:43:18 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 20:42:14 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 20:42:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\958c2f1db4810a818845f216cbd08d24\System.Xml.ni.dll
MOD - [2013/01/09 20:42:01 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 20:41:36 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 17:00:58 | 000,023,040 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/01/09 17:00:56 | 001,575,424 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/01/09 17:00:56 | 000,037,376 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/01/09 17:00:54 | 000,007,680 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/01/09 16:56:30 | 000,650,240 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/01/09 16:56:26 | 000,040,960 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/01/09 16:56:24 | 000,044,032 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/01/09 16:56:24 | 000,028,672 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013/01/09 16:56:22 | 000,050,688 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/01/09 16:56:20 | 000,073,216 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/01/09 16:56:16 | 000,062,976 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/01/09 16:56:16 | 000,018,944 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/01/09 16:56:16 | 000,013,312 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/01/09 16:56:16 | 000,006,144 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/01/09 16:56:14 | 000,012,800 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/01/09 16:56:14 | 000,007,168 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/01/09 16:56:12 | 000,074,752 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/01/09 16:56:12 | 000,012,288 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/01/09 16:56:12 | 000,009,728 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/01/09 16:56:12 | 000,007,168 | ---- | M] () -- C:\Users\Dani\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/01/09 14:25:01 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/11/13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:50 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/08/23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/04 10:05:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 07:10:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 00:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/12 11:43:56 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/11 23:48:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/29 18:28:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/25 11:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/06/29 12:53:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006/09/28 12:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl)
DRV:64bit: - [2013/02/27 00:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 04:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 05:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 05:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 05:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 05:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 05:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011/12/08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/12/08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/12/02 08:46:18 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/29 12:53:32 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 12:53:32 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/03/26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/03/26 11:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/03/26 11:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/21 09:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 23:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010/02/08 22:10:02 | 000,855,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/12/17 14:07:16 | 000,053,248 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64)
DRV:64bit: - [2009/12/17 14:07:16 | 000,053,248 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2009/12/04 11:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 23:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/11/15 21:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCDE71E6-356A-4699-B0D8-1EDEC197733A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKLM\..\SearchScopes\{E32EFCEA-84FA-4ED0-A65F-30D836E57DEE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=3435b49e0000000000006c626d1bb07f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=3435b49e0000000000006c626d1bb07f
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {D128C4FC-31CE-44E1-B2C3-F45EC45893C3}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3435b49e0000000000006c626d1bb07f
IE - HKCU\..\SearchScopes\{1215ADBA-EFE8-415E-804E-45D506250A1A}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{20363AED-3BDE-4D22-9A28-F9854863DEF4}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{879F1D54-4777-444D-8421-39D9523CB991}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKCU\..\SearchScopes\{BF6C6338-1E6A-48D4-AD5C-01AF007AB138}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=ad0100a7-e2e3-41e5-84a0-a466beb971ce&apn_sauid=EE11956E-193A-4A15-BCB0-C9FFF968A3F7&
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8swsYxEq&i=26
IE - HKCU\..\SearchScopes\{D128C4FC-31CE-44E1-B2C3-F45EC45893C3}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.2: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120101,16981,0,24,0"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2012122901
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dani\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dani\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dani\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/11 21:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/02/02 10:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/04 10:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 00:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/10 23:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/02/04 08:45:32 | 000,000,000 | ---D | M]
 
[2012/01/03 00:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions
[2011/06/22 22:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/16 12:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013/04/11 09:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\bcbpfnea.default\extensions
[2013/02/25 12:43:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\bcbpfnea.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/10 21:26:48 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\bcbpfnea.default\extensions\ffxtlbr@incredibar.com
[2013/02/15 10:24:18 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\bcbpfnea.default\extensions\helperbar@helperbar.com
[2012/11/29 16:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\ftdownloader@ftdownloader.com.xpi
[2012/12/13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2011/11/25 09:14:01 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2013/01/02 23:17:52 | 000,282,113 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
[2013/03/05 00:04:30 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/02/15 10:32:27 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/30 22:34:13 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/11 09:36:27 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/12/10 21:51:28 | 000,002,444 | ---- | M] () -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\searchplugins\babylon1.xml
[2013/02/18 13:16:52 | 000,001,294 | ---- | M] () -- C:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\bcbpfnea.default\searchplugins\delta.xml
[2012/12/17 09:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/17 09:56:11 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{351f2d71-b514-3354-5d48-c344c9e2c0cc}
[2012/12/17 09:56:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/17 09:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/05/11 21:24:05 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/04/04 10:05:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/04 10:05:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/18 13:16:29 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/04/04 10:05:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/04 10:05:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/21 10:20:53 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2013/04/04 10:05:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/07 11:53:36 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/02 15:29:28 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/04/04 10:05:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/04 10:05:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dani\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: TV = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google-Suche = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pixlr-o-matic = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: Assassin's Creed Revelations = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkfepmkmmmkfefiijaoledbhobjcfea\1.2_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Google Play = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: FVD Video Downloader = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.3_0\
CHR - Extension: Top Eleven = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn\2.0.0.4_0\
CHR - Extension: amazon = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmhgogeadkcmcncckhhdjhcgocdjgcg\1.10_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011/09/27 08:48:38 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Dani\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F85EB96-8EF2-44DC-9B97-3E6251A86787}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{380aa8ab-a0b8-11e0-8aa3-406186bc2fd0}\Shell - "" = AutoRun
O33 - MountPoints2\{380aa8ab-a0b8-11e0-8aa3-406186bc2fd0}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{4be5a217-0f85-11e1-8ebb-406186bc2fd0}\Shell - "" = AutoRun
O33 - MountPoints2\{4be5a217-0f85-11e1-8ebb-406186bc2fd0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4be5a22f-0f85-11e1-8ebb-406186bc2fd0}\Shell - "" = AutoRun
O33 - MountPoints2\{4be5a22f-0f85-11e1-8ebb-406186bc2fd0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c00b1983-60ab-11e1-bf3c-406186bc2fd0}\Shell - "" = AutoRun
O33 - MountPoints2\{c00b1983-60ab-11e1-bf3c-406186bc2fd0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cc451fdc-d99a-11e0-a35e-406186bc2fd0}\Shell - "" = AutoRun
O33 - MountPoints2\{cc451fdc-d99a-11e0-a35e-406186bc2fd0}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/11 16:32:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2013/04/05 18:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/01 23:46:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/03/31 16:44:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoAudio
[2013/03/31 16:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/03/31 16:33:45 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/31 16:31:33 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
[2013/03/29 18:03:47 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/29 18:03:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/03/29 18:03:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/03/29 18:03:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/29 18:03:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/03/29 18:03:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/29 18:03:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/29 18:03:46 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/29 18:03:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/29 18:03:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/29 18:03:45 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/29 18:03:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/29 18:03:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/29 18:03:44 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/29 18:03:44 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/29 18:03:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/29 18:03:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/03/29 18:03:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/29 18:03:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/29 18:03:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/29 18:03:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/29 18:03:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/29 18:03:43 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/29 18:03:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/29 18:03:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/29 18:03:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/29 18:03:42 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/29 18:03:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/29 18:03:42 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/03/29 18:03:42 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/29 18:03:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/03/29 18:03:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/03/29 18:03:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/29 18:03:41 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/29 18:03:41 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/03/29 18:03:41 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/29 18:03:41 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/29 18:03:41 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/29 18:03:41 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/29 18:03:41 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/29 18:03:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/29 18:03:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/29 18:03:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/03/29 18:03:41 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/03/29 18:03:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/03/29 18:03:40 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/29 18:03:40 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/29 18:03:40 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/29 18:03:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/29 18:03:40 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/29 18:03:40 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/29 18:03:40 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/29 18:03:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/29 18:03:39 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/29 18:03:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/29 18:03:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/29 18:03:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/29 18:03:38 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/29 18:03:38 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/29 18:03:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/29 18:03:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/29 18:03:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/29 18:03:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/29 18:03:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/29 18:03:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/03/29 18:03:37 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/29 18:03:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/29 18:03:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2013/03/24 10:34:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/22 23:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/21 14:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/21 14:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/17 20:54:16 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\TomTom
[2013/03/17 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013/03/17 20:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2013/03/17 20:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2013/03/15 21:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\7road
[2013/03/14 09:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/02 14:18:45 | 001,235,968 | ---- | C] (Sun Microsystems) -- C:\Users\Dani\AppData\Roaming\rundll32.exe
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/11 16:33:34 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272837320-2993236260-2669685721-1001UA.job
[2013/04/11 16:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2013/04/11 16:32:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/11 16:31:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/11 16:31:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/11 10:08:17 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/11 10:08:17 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/11 10:01:49 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/11 09:44:20 | 000,377,856 | ---- | M] () -- C:\Users\Dani\Desktop\mxysc2of.exe
[2013/04/11 09:39:41 | 000,000,000 | ---- | M] () -- C:\Users\Dani\defogger_reenable
[2013/04/11 09:34:33 | 000,473,871 | ---- | M] () -- C:\Users\Dani\Desktop\Kart 001.pdf
[2013/04/06 22:06:10 | 001,613,340 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/06 22:06:10 | 000,697,082 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/04/06 22:06:10 | 000,652,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/06 22:06:10 | 000,148,346 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/04/06 22:06:10 | 000,121,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/05 18:01:20 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/05 17:59:45 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272837320-2993236260-2669685721-1001Core.job
[2013/04/03 16:38:19 | 000,001,063 | ---- | M] () -- C:\Users\Dani\Desktop\Tag&Rename.lnk
[2013/04/01 07:44:40 | 000,010,564 | ---- | M] () -- C:\Users\Dani\Documents\cc_20130401_074435.reg
[2013/03/29 18:03:47 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/29 18:03:47 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/03/29 18:03:47 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/03/29 18:03:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/03/29 18:03:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/03/29 18:03:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/03/29 18:03:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/03/29 18:03:46 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/03/29 18:03:46 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/03/29 18:03:46 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/29 18:03:45 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/03/29 18:03:44 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/29 18:03:44 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/29 18:03:44 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/03/29 18:03:44 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/03/29 18:03:44 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/03/29 18:03:44 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/03/29 18:03:44 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/03/29 18:03:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/03/29 18:03:44 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/03/29 18:03:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/03/29 18:03:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/03/29 18:03:43 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/29 18:03:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/03/29 18:03:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/29 18:03:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/03/29 18:03:42 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/29 18:03:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/03/29 18:03:42 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/03/29 18:03:42 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/03/29 18:03:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/03/29 18:03:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/03/29 18:03:42 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/29 18:03:42 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/03/29 18:03:41 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/03/29 18:03:41 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/03/29 18:03:41 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/03/29 18:03:41 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/03/29 18:03:41 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/03/29 18:03:41 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/03/29 18:03:41 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/29 18:03:41 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/03/29 18:03:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/03/29 18:03:41 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/03/29 18:03:41 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/03/29 18:03:41 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/03/29 18:03:41 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/29 18:03:40 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/29 18:03:40 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/29 18:03:40 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/29 18:03:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/03/29 18:03:40 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/03/29 18:03:40 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/03/29 18:03:40 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/29 18:03:40 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/03/29 18:03:39 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/29 18:03:39 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/03/29 18:03:39 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/03/29 18:03:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/03/29 18:03:38 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/29 18:03:38 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/03/29 18:03:38 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/03/29 18:03:38 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/03/29 18:03:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/03/29 18:03:37 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/29 18:03:37 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/29 18:03:37 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/03/29 18:03:37 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/03/29 18:03:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/03/29 18:03:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/03/25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2013/03/22 23:59:19 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/17 21:07:50 | 000,000,644 | ---- | M] () -- C:\Users\Dani\AppData\Roaming\wklnhst.dat
[2013/03/13 13:27:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/13 07:10:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 07:10:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/11 09:44:19 | 000,377,856 | ---- | C] () -- C:\Users\Dani\Desktop\mxysc2of.exe
[2013/04/11 09:39:41 | 000,000,000 | ---- | C] () -- C:\Users\Dani\defogger_reenable
[2013/04/11 09:34:31 | 000,473,871 | ---- | C] () -- C:\Users\Dani\Desktop\Kart 001.pdf
[2013/04/03 16:38:19 | 000,001,063 | ---- | C] () -- C:\Users\Dani\Desktop\Tag&Rename.lnk
[2013/04/01 07:44:38 | 000,010,564 | ---- | C] () -- C:\Users\Dani\Documents\cc_20130401_074435.reg
[2013/03/29 18:14:57 | 000,001,435 | ---- | C] () -- C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/29 18:03:42 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/03/29 18:03:41 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/03/22 23:59:19 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/06 10:22:34 | 000,000,843 | ---- | C] () -- C:\Users\Dani\.recently-used.xbel
[2012/12/11 09:20:07 | 000,281,120 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/12/11 09:19:38 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/07/05 13:34:51 | 000,000,051 | ---- | C] () -- C:\ProgramData\gblvavogluykqnl
[2012/05/10 23:51:53 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/03/14 02:30:52 | 000,000,600 | ---- | C] () -- C:\Users\Dani\AppData\Local\PUTTY.RND
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/01/10 22:29:54 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/01/04 18:00:07 | 000,000,042 | ---- | C] () -- C:\windows\ABC_mru.ini
[2012/01/04 01:07:15 | 000,003,584 | ---- | C] () -- C:\Users\Dani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 11:42:18 | 000,000,275 | ---- | C] () -- C:\Users\Dani\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/12/05 20:53:36 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2011/09/28 08:56:28 | 000,039,553 | ---- | C] () -- C:\windows\SysWow64\.exe
[2011/09/28 08:19:58 | 000,000,193 | ---- | C] () -- C:\windows\mysqlaif.INI
[2011/09/28 08:19:19 | 000,073,216 | ---- | C] () -- C:\windows\cadkasdeinst01.exe
[2011/09/13 14:46:41 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/09/13 14:46:40 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/09/13 14:46:39 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/09/08 12:43:04 | 000,000,047 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/07/31 14:01:51 | 000,017,408 | ---- | C] () -- C:\Users\Dani\AppData\Local\WebpageIcons.db
[2011/07/28 00:08:51 | 000,000,644 | ---- | C] () -- C:\Users\Dani\AppData\Roaming\wklnhst.dat
[2011/07/26 13:09:30 | 001,591,234 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/17 08:49:23 | 000,000,000 | ---- | C] () -- C:\Users\Dani\AppData\Local\{12892823-F3E1-48B8-AF15-3211D178F1D9}
[2011/06/27 21:42:40 | 000,000,260 | ---- | C] () -- C:\Users\Dani\AppData\Roaming\Default.PLS
[2011/06/22 22:26:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/21 13:16:39 | 000,112,128 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/06/16 23:20:41 | 000,000,910 | ---- | C] () -- C:\windows\wiso.ini
[2011/06/13 23:05:44 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2011/06/11 20:18:52 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

11.04.2013, 20:02   #4
LissmannMUC
 



3. The Extras log
Code:
ATTFilter
OTL Extras logfile created on: 4/11/2013 4:42:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dani\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 50.23% Memory free
7.59 Gb Paging File | 5.59 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 173.39 Gb Total Space | 111.41 Gb Free Space | 64.26% Space Free | Partition Type: NTFS
Drive D: | 115.60 Gb Total Space | 37.51 Gb Free Space | 32.45% Space Free | Partition Type: NTFS
 
Computer Name: MSI | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- Reg Error: Value error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.EHK7U42XYOTC4DWTDF7G3JMHSI] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE37A7D-6040-45E1-9FDC-ED66DDA3F8B8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2130AA2B-CBC7-4981-90ED-71283B53D370}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{24056AF0-6575-4FB2-AB5B-6C0791715069}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30686533-05EB-49B2-A496-2B5AC9C2A833}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3ED0422F-BC73-4C43-ABBC-5850AFD3DDE7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{47D50784-D16F-414A-B6E1-E9EFC7C4C281}" = lport=139 | protocol=6 | dir=in | app=system | 
"{503D6E02-8BDC-413A-B8B5-9FB1F538213B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{611E83AE-AF22-4AFE-B4D9-12DDC31387F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{758A122F-81F4-4A6B-9BEB-87A7B9C64EBD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{76C8A38F-4951-4BAF-B2ED-AD0F8328BB3C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78BFDA73-49B4-4306-956F-A87F55DE9595}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C28F3EB-4EB4-4B01-A0B8-9B4E19A1AFF9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{953530CD-AE2D-4411-9351-C40E49504994}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A323DF64-42F6-4F02-AC69-FB961FA115B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A570CBAE-44B1-4FAE-9AE6-A7D4ADBC4DF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF05C3B6-E732-4A6A-95DF-1297764FB7C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D7F35580-23B3-4D05-A21E-33A3DA51F6B8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E220D537-1197-4EDB-874F-C7491372AC09}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E64DEC74-1220-4ED1-AC79-9EB9BE267052}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EF2FE0D6-676D-4ACC-9ACB-0F943224843F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F25A2BB8-D081-4F8E-B7CF-F3DED4C0E52C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F38A7345-F58D-463E-BB3B-D0FCA7EF6447}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F63F3452-517D-4CDC-80E0-9962CAC0FA10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F83CC2CC-E8A5-4316-ADA6-31D4CD44B3B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FAE75461-FFD8-477A-ABC9-A009222E7862}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151E3E0D-17F9-433F-B300-2B2D8D2D3910}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{193956E8-DDFF-4C3D-B570-322301DCD46B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F79F89F-19A9-4DBC-BC91-1C322AE15F1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22569AC7-D740-4B25-A36D-A64B6EA8B30D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36B6B132-F045-4C37-9B36-A93125E332A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52241314-822B-4334-B6C5-1C7ABFB6A2D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B05BC3C-82E2-4406-B024-6829B58819A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6433FBE0-50D1-4CE5-8298-73B1EB6B2020}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{6560E90B-588E-4012-B79C-37265EBCEEC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6CA688A8-F879-4F82-A816-68B7F174183E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C0EF35F-6DFC-48D2-87B9-65474BE78BAC}" = protocol=6 | dir=out | app=system | 
"{7DC9BA0A-991F-4C0A-95CE-A99BD173E0E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8369C7FB-4C3F-4654-A087-769035094BE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9ED87D2C-C7F3-48AA-9407-8845FB7DAE23}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A003C7B0-1121-4475-B541-DAC532A89FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A46ADB82-89D2-4AC2-B66A-EF521003F72C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A8EE3B68-FE92-4299-ABA1-F9FA033EE377}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ADE2B510-874A-4178-9227-0526D5ACF5BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B40351B1-FF5E-4F2A-8F5E-D8A973A7761D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B7DCF764-7AE9-46DE-9A3B-8D700525FE82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7F57B70-F87A-46AF-BD89-031C16D9CBF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9B18313-113C-4C77-99B6-77A5AD509EAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0F228EB-4C4B-45B2-BC44-8069D75BD41E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F1A8D5C2-D511-4E7A-9FD4-A229A4043C9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F200A1ED-D7C4-435D-AF65-84AE4405BBB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5D319B9-7E9A-4308-AFD9-488EFF81A998}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{5D1A25E0-4ABE-4C30-93F5-AB12F5E7915F}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{7F977482-28EB-48CA-BAC4-A6FAC1B0B333}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"TCP Query User{853FA3E4-9FF6-4A52-9E97-802C19560FA2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D6785521-F3D8-4D31-B192-EEBBCBA0667C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{E732FC5B-A31D-4BBB-B586-D8C69DC5F79A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{110DFFFE-C796-4B1D-9B6E-7618DB355AC1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{140D2B9E-1D3F-4902-805C-415E7B8A92B0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{19DA84A7-CBA5-443D-8252-4E843DEF5970}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"UDP Query User{6CADA606-EFA6-4463-B48F-F18D81383809}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{9E65072F-23AD-4BE5-A68E-C68AB1E0AF4C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FD80311-508F-42C3-A004-4CC8D08231F5}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.3 printer
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.0.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C32F829-A1BD-4B4C-848D-B34A4CCDA70F}" = MAGIX Screenshare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{345A6A80-C745-457E-B8E8-81FC568E2B35}" = MAGIX Speed burnR (MSI)
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55532499-5676-4DAE-9A57-AEB907A0A1DD}" = QuickShare
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}" = ArcSoft Print Creations
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ExpressZip" = Express Zip
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileZilla Client" = FileZilla Client 3.2.7.1
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.5.0
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySQL Admin-Interface 1" = MySQL Admin-Interface 1
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Tag&Rename_is1" = Tag&Rename 3.6.6
"Trusted Software Assistant_is1" = File Type Assistant
"UP_screensaver_dug" = UP_screensaver_dug
"VLC media player" = VLC media player 1.1.10
"WavePad" = WavePad Audiobearbeitungs-Software
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Player" = FLV Player
"FoxTab FLV Player" = FoxTab FLV Player
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/20/2013 6:44:29 PM | Computer Name = MSI | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 3/20/2013 6:45:20 PM | Computer Name = MSI | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 3/22/2013 6:19:40 PM | Computer Name = MSI | Source = Avira AntiVir | ID = 4122
Description = 
 
Error - 3/22/2013 6:21:16 PM | Computer Name = MSI | Source = Avira AntiVir | ID = 4122
Description = 
 
Error - 3/23/2013 5:33:22 AM | Computer Name = MSI | Source = Avira AntiVir | ID = 4122
Description = 
 
Error - 3/23/2013 4:27:40 PM | Computer Name = MSI | Source = Avira AntiVir | ID = 4122
Description = 
 
Error - 3/24/2013 4:12:08 AM | Computer Name = MSI | Source = Avira AntiVir | ID = 4122
Description = 
 
Error - 3/24/2013 4:14:42 PM | Computer Name = MSI | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x45c  Startzeit der fehlerhaften Anwendung: 0x01ce286744f3004e
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 75cde6a9-94bf-11e2-87ae-406186bc2fd0
 
Error - 3/24/2013 5:02:55 PM | Computer Name = MSI | Source = Windows Backup | ID = 4104
Description = 
 
Error - 3/26/2013 4:49:26 PM | Computer Name = MSI | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x1280  Startzeit der fehlerhaften Anwendung: 0x01ce28cc4033c4d6
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: a5239aec-9656-11e2-87ae-406186bc2fd0
 
[ Media Center Events ]
Error - 12/30/2012 2:24:51 AM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 07:24:50 - Fehler beim Herstellen der Internetverbindung.  07:24:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/30/2012 2:25:07 AM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 07:24:56 - Fehler beim Herstellen der Internetverbindung.  07:24:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/30/2012 3:25:11 AM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 08:25:11 - Fehler beim Herstellen der Internetverbindung.  08:25:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/30/2012 3:25:18 AM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 08:25:16 - Fehler beim Herstellen der Internetverbindung.  08:25:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/30/2012 7:10:47 PM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 00:10:47 - Fehler beim Herstellen der Internetverbindung.  00:10:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/30/2012 7:10:58 PM | Computer Name = MSI | Source = MCUpdate | ID = 0
Description = 00:10:52 - Fehler beim Herstellen der Internetverbindung.  00:10:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 6/23/2012 1:36:47 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem
 Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2012 2:36:13 AM | Computer Name = MSI | Source = Microsoft-Windows-Kernel-Power | ID = 86
Description = Das System wurde aufgrund eines kritischen thermischen Ereignisses
 heruntergefahren.                Zeit für das Herunterfahren = 2012-07-05T06:36:13.688010800Z

              ACPI-Thermozone = ACPI\ThermalZone\THRM                _CRT = 373K
 
Error - 7/5/2012 6:42:52 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 7/5/2012 6:42:52 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 7/5/2012 8:14:06 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2012 8:14:07 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/5/2012 8:14:08 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 7/5/2012 8:14:28 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536753636.
 
Error - 7/5/2012 8:16:16 AM | Computer Name = MSI | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 7/11/2012 7:21:28 PM | Computer Name = MSI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >
         
Thanks in advance for the help!!!!!!!!!!!!!!!!!

Alt 12.04.2013, 13:12   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I didn't want to see those logs yet; I asked for logs from your virus scanner, provided it ever had any detections.

Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
An explanation for this, please?
How does one activate Adobe software when you block the activation server via the hosts file?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
